CVE-2018-4113

EPSS 1.16%
Published 03.04.2018 06:29:04
Last modified 21.11.2024 04:06:47
Source product-security@apple.com
Teams watchlist Login
Open Login

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari Version < 11.1

Apple ≫ iPhone OS Version < 11.3

Apple ≫ tvOS Version < 11.3

Apple ≫ watchOS Version < 4.3

Apple ≫ iCloud Version < 7.4

Microsoft ≫ Windows Version-

Apple ≫ iTunes Version < 12.7.4

Microsoft ≫ Windows Version-

Webkitgtk ≫ Webkitgtk+ Version < 2.20.4

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.16%	0.766

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

http://www.securitytracker.com/id/1040604

Third Party Advisory

VDB Entry

https://security.gentoo.org/glsa/201808-04

Third Party Advisory

https://support.apple.com/HT208693

Vendor Advisory

https://support.apple.com/HT208694

Vendor Advisory

https://support.apple.com/HT208695

Vendor Advisory

https://support.apple.com/HT208697