Lucene search

[email protected]CVE-2018-4218

HistoryJun 08, 2018 - 6:29 p.m.

CVE-2018-4218

2018-06-0818:29:01

CWE-416

[email protected]

web.nvd.nist.gov

cve

2018

4218

apple

ios

safari

icloud

itunes

tvos

watchos

webkit

remote attackers

arbitrary code

denial of service

memory corruption

application crash

security vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.464 Medium

EPSS

Percentile

97.4%

JSON

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.

Affected configurations

NVD

Node

applesafariRange<11.1.1

appleiphone_osRange<11.4

appletvosRange<11.4

applewatchosRange<4.3.1

Node

appleicloudRange<7.5

AND

microsoftwindowsMatch-

Node

appleitunesRange<12.7.5

AND

microsoftwindowsMatch-

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

canonicalubuntu_linuxMatch18.04lts

CPENameOperatorVersion
apple:safariapple safarilt11.1.1
apple:iphone_osapple iphone oslt11.4
apple:tvosapple tvoslt11.4
apple:watchosapple watchoslt4.3.1