CVE-2018-4346

Vulnerability

A validation issue existed in macOS prior to version 10.14 (Mojave) that allowed local file access. The vulnerability was present in the macOS operating system and was addressed with improved input sanitization in macOS Mojave 10.14. The issue affected all versions of macOS before the 10.14 release.

Exploitation

An attacker with local access to the system could exploit this vulnerability. The exact attack vector is not detailed in the available references, but the issue involves a validation flaw that permits reading files from the local filesystem. No additional authentication or user interaction beyond local access is specified.

Impact

Successful exploitation allows a local attacker to access files on the affected system, potentially leading to disclosure of sensitive information. The impact is limited to local file access; the vulnerability does not appear to allow remote code execution or privilege escalation.

Mitigation

Apple addressed this issue in macOS Mojave 10.14, which was released on September 24, 2018 [2]. Users who upgrade to macOS Mojave 10.14 or later are protected. There is no workaround mentioned for older, unsupported systems. No KEV listing is associated with this CVE.