CVE-2018-4350
Description
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory corruption in AFP server in macOS prior to 10.14 allows remote attacker to attack via HTTP clients.
Vulnerability
A memory corruption issue exists in the AFP server (afpserver) on macOS versions prior to 10.14. The bug is caused by improper input validation, which can be triggered remotely. Affected versions include macOS Sierra 10.12.6 and macOS High Sierra 10.13.6 [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending crafted HTTP requests to the AFP server. No special network position or user interaction is required [1].
Impact
Successful exploitation of the memory corruption could allow the attacker to execute arbitrary code or cause a denial-of-service condition on the target system [1].
Mitigation
Apple addressed this issue in macOS Mojave 10.14 (released September 24, 2018) and in Security Update 2018-002 High Sierra and Security Update 2018-005 Sierra (released October 30, 2018). Users should update to the latest available versions [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.14
- Range: Versions prior to: macOS Mojave 10.14
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- support.apple.com/kb/HT209139mitrex_refsource_MISC
- support.apple.com/kb/HT209193mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.