CVE-2018-4151

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
03/04/2018
Last modified:
03/10/2019

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* 11.3 (excluding)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 10.13.4 (excluding)