CVE-2018-4192

Exploit

EPSS 43.35%
Published 08.06.2018 18:29:00
Last modified 21.11.2024 04:06:56
Source product-security@apple.com
Teams watchlist Login
Open Login

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari Version < 11.1.1

Apple ≫ iPhone OS Version < 11.4

Apple ≫ tvOS Version < 11.4

Apple ≫ watchOS Version < 4.3.1

Apple ≫ iCloud Version < 7.5

Microsoft ≫ Windows Version-

Apple ≫ iTunes Version < 12.7.5

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	43.35%	0.974

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://security.gentoo.org/glsa/201808-04

Third Party Advisory

http://www.securitytracker.com/id/1041029

Third Party Advisory

VDB Entry

https://support.apple.com/HT208848

Vendor Advisory

https://support.apple.com/HT208850

Vendor Advisory

https://support.apple.com/HT208852

Vendor Advisory

https://support.apple.com/HT208853