CVE-2018-4246

CVE-2018-4246

Name

CVE-2018-4246

Description

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://support.apple.com/HT208854
Vendor Advisory	https://support.apple.com/HT208853
Vendor Advisory	https://support.apple.com/HT208852
Vendor Advisory	https://support.apple.com/HT208851
Vendor Advisory	https://support.apple.com/HT208850
Vendor Advisory	https://support.apple.com/HT208848
Third Party Advisory	http://www.securitytracker.com/id/1041029
Third Party Advisory	https://usn.ubuntu.com/3743-1/

Type

URI

Vendor Advisory

https://support.apple.com/HT208854

Vendor Advisory

https://support.apple.com/HT208853

Vendor Advisory

https://support.apple.com/HT208852

Vendor Advisory

https://support.apple.com/HT208851

Vendor Advisory

https://support.apple.com/HT208850

Vendor Advisory

https://support.apple.com/HT208848

Third Party Advisory

http://www.securitytracker.com/id/1041029

Third Party Advisory

https://usn.ubuntu.com/3743-1/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:apple:tvos::::::::`	tvos	>= None	< 11.4
`cpe:2.3:o:apple:iphone_os::::::::`	iphone_os	>= None	< 11.4
`cpe:2.3:o:apple:watchos::::::::`	watchos	>= None	< 4.3.1
`cpe:2.3:a:apple:safari::::::::`	safari	>= None	< 11.1.1

CPE URI

Source package

Min version

Max version

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

tvos

>= None

< 11.4

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

iphone_os

>= None

< 11.4

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

watchos

>= None

< 4.3.1

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

safari

>= None

< 11.1.1

References

Match rules

Vulnerable and fixed packages