CVE-2018-4101

CVE-2018-4101

Name

CVE-2018-4101

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://support.apple.com/HT208698
Vendor Advisory	https://support.apple.com/HT208697
Vendor Advisory	https://support.apple.com/HT208695
Vendor Advisory	https://support.apple.com/HT208694
Vendor Advisory	https://support.apple.com/HT208693
Third Party Advisory	http://www.securitytracker.com/id/1040604
Third Party Advisory	https://usn.ubuntu.com/3635-1/
Third Party Advisory	https://security.gentoo.org/glsa/201808-04

Type

URI

Vendor Advisory

https://support.apple.com/HT208698

Vendor Advisory

https://support.apple.com/HT208697

Vendor Advisory

https://support.apple.com/HT208695

Vendor Advisory

https://support.apple.com/HT208694

Vendor Advisory

https://support.apple.com/HT208693

Third Party Advisory

http://www.securitytracker.com/id/1040604

Third Party Advisory

https://usn.ubuntu.com/3635-1/

Third Party Advisory

https://security.gentoo.org/glsa/201808-04

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:apple:iphone_os::::::::`	iphone_os	>= None	< 11.3
`cpe:2.3:o:apple:tvos::::::::`	tvos	>= None	< 11.3
`cpe:2.3:a:apple:safari::::::::`	safari	>= None	< 11.1

CPE URI

Source package

Min version

Max version

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

iphone_os

>= None

< 11.3

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

tvos

>= None

< 11.3

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

safari

>= None

< 11.1

References

Match rules

Vulnerable and fixed packages