com_apple_AVEBridge::queryCompletion Invalid Read

Product        Apple macOS 10.13.1
Severity       High
CVE Reference  CVE-2017-13848
Type           Memory Corruption


The ‘’ IOKit kernel extension was found to contain a vulnerability when handling data passed from user space into the kernel. 


This vulnerability could be used to obtain kernel code execution on affected systems. 


The kernel extension does not perform appropriate sanitisation of data passed from user space. 

Interim Workaround



Users should apply the released security update from Apple ( 

Technical details

Please refer to the attached advisory. 

Disclosure Timeline

Date        Summary
2017-09-25  Issue reported to vendor
2017-12-06  Vendor issues patch
2018-01-19  MWR Labs releases advisory