CVE-2018-4368
Description
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in Apple's AVFoundation framework, addressed in iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, and watchOS 5.1.
Vulnerability
A denial of service issue exists in the AppleAVD component of Apple's AVFoundation framework, affecting versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, and watchOS 5.1. The vulnerability is an input validation issue that can be triggered by processing malicious video content via FaceTime [2]. The official description states that the issue is addressed with improved validation [1][2].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted video stream or file that, when processed by the AVFoundation decoder (AppleAVD), causes an unexpected condition. The attack vector is remote, requiring no authentication, and can be delivered through a FaceTime call or by persuading a user to play a malicious video file. No user interaction beyond receiving the call or playing the file is required [2].
Impact
Successful exploitation leads to a denial of service, potentially causing the affected application or the entire system to crash. This disrupts availability but does not provide code execution or data compromise. The impact is limited to denial of service, as per the CVE description [1][2].
Mitigation
Apple released fixes on October 30, 2018, as part of iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, and watchOS 5.1. Users should update to these versions or later. No workarounds are documented; updating is the only mitigation [1][2][3][4].
- About the security content of macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra - Apple Support
- About the security content of iOS 12.1 - Apple Support
- About the security content of watchOS 5.1 - Apple Support
- About the security content of tvOS 12.1 - Apple Support
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <10.14.1
- Range: <12.1
- Range: <5.1
- Range: <12.1
- Range: Versions prior to: iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1
Patches
No patches discovered yet.
References
- support.apple.com/kb/HT209192 (mitre, x_refsource_MISC)
- support.apple.com/kb/HT209193 (mitre, x_refsource_MISC)
- support.apple.com/kb/HT209194 (mitre, x_refsource_MISC)
- support.apple.com/kb/HT209195 (mitre, x_refsource_MISC)