CVE-2018-4403
Description
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An input validation issue in afpserver allowed remote attackers to attack AFP servers via HTTP clients, fixed in macOS Mojave 10.14.1.
Vulnerability
An input validation issue existed in afpserver on macOS. This issue allowed a remote attacker to potentially attack AFP servers through HTTP clients. The vulnerability affected macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and versions of macOS Mojave prior to 10.14.1 [1].
Exploitation
A remote attacker with network access could send specially crafted HTTP requests to an affected AFP server, triggering the input validation issue. No authentication or user interaction is required [1].
Impact
Successful exploitation could allow the attacker to attack the AFP server, potentially leading to unauthorized actions such as denial of service or code execution. The exact impact is not fully disclosed, but the vulnerability is rated as important by Apple [1].
Mitigation
Apple addressed the issue in macOS Mojave 10.14.1, as well as Security Update 2018-002 High Sierra and Security Update 2018-005 Sierra, all released on October 30, 2018. Users should update to the latest available version [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.14.1
- Range: Versions prior to: macOS Mojave 10.14.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- support.apple.com/kb/HT209193mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.