Unrated severity · NVD Advisory · Published Apr 3, 2018 · Updated Aug 5, 2024

CVE-2018-4150

Description

A memory corruption vulnerability in the Apple XNU kernel allows a crafted app to execute arbitrary code in a privileged context or cause a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A memory corruption issue exists in the XNU kernel component of iOS before 11.3, macOS before 10.13.4, tvOS before 11.3, and watchOS before 4.3 [1][2][3][4]. The bug is triggered when the kernel processes certain system calls from a crafted application, leading to an out-of-bounds memory access. No special configuration is required beyond the ability to run an app on the device.

Exploitation

An attacker must first persuade the user to install a malicious application (via the App Store or enterprise deployment). Once the app runs, it can send a crafted set of system calls to the kernel, exploiting the race condition or input validation flaw to corrupt kernel memory [1][3][4]. The attack requires no physical access or network connection; it is performed entirely from user space on the local device.

Impact

Successful exploitation provides arbitrary code execution in kernel (ring 0) context, granting the attacker complete control over the device, including the ability to install additional software, read and modify any data, and bypass security mechanisms. Alternatively, the attacker can trigger a denial of service (system crash) [1][2]. The compromise is total and persists until the device is rebooted or patched.

Mitigation

Apple released fixes on March 29, 2018: iOS 11.3, macOS High Sierra 10.13.4 (and security updates for Sierra and El Capitan), tvOS 11.3, and watchOS 4.3 [1][2][3][4]. Users should update through the Settings app or Software Update. No workaround exists for unpatched systems. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

6
