CVE-2018-4338
Description
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A validation issue in macOS Bluetooth stack could allow an attacker to read kernel memory, fixed in macOS Mojave 10.14.
Vulnerability
A validation issue exists in the Bluetooth stack of macOS, affecting versions prior to macOS Mojave 10.14. The vulnerability is addressed with improved input sanitization in the Bluetooth component. Affected systems include a wide range of Mac models from 2011 to 2015 as specified in the Apple security advisory [1].
Exploitation
An attacker in close physical proximity (within Bluetooth range) can exploit this vulnerability by sending a crafted Bluetooth packet to the target system. No authentication or user interaction appears to be required for the attack to reach the vulnerable code path [1].
Impact
Successful exploitation may lead to reading kernel memory, potentially allowing the attacker to discover sensitive information stored in the kernel space [1]. This represents a confidentiality compromise.
Mitigation
The vulnerability is fixed in macOS Mojave 10.14, which was released on September 24, 2018 [1]. Users should update to this version or later to protect against potential attacks. No workarounds are provided in the available references, and this CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.14
- Range: Versions prior to: macOS Mojave 10.14
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- support.apple.com/kb/HT209139mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.