CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Icloud	Apple	*	7.0 (including)
Itunes	Apple	*	12.7 (excluding)
Iphone_os	Apple	*	11 (excluding)
Mac_os_x	Apple	*	10.13 (excluding)
Watchos	Apple	*	4 (excluding)

Potential Mitigations

References

https://support.apple.com/en-us/HT208112
https://support.apple.com/en-us/HT208115
https://support.apple.com/en-us/HT208141
https://support.apple.com/en-us/HT208142
https://support.apple.com/en-us/HT208144
https://support.apple.com/en-us/HT208112
https://support.apple.com/en-us/HT208115
https://support.apple.com/en-us/HT208141
https://support.apple.com/en-us/HT208142
https://support.apple.com/en-us/HT208144

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-4302
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References