Details of VAR-201804-1162

ID

VAR-201804-1162

CVE

CVE-2018-4162

TITLE

plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-003687

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of comparison operators in JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4" References ========== [ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0003 ------------------------------------------------------------------------ Date reported : April 04, 2018 Advisory ID : WSA-2018-0003 Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. Several vulnerabilities were discovered in WebKitGTK+. Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to OSS-Fuzz. Impact: Unexpected interaction with indexing types causing an ASSERT failure. Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks. Credit to OSS-Fuzz. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: A malicious website may exfiltrate data cross-origin. Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Zach Markley. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation. Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack. This issue was addressed with improved URL validation. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to a denial of service. Description: A memory corruption issue was addressed through improved input validation. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, April 04, 2018 . ========================================================================== Ubuntu Security Notice USN-3635-1 April 30, 2018 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3635-1 CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-3 tvOS 11.3 tvOS 11.3 is now available and addresses the following: CoreFoundation Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH File System Events Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4167: Samuel GroA (@5aelo) Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4150: an anonymous researcher Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC) Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6) NSURLSession Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo) Quick Look Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo) Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo) System Preferences Available for: Apple TV 4K and Apple TV (4th generation) Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Unexpected interaction with indexing types causing an ASSERT failure Description: An array indexing issue existed in the handling of a function in javascript core. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlwpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZZFxAA y83tGHgdOMiUzTJ9w6jeb3ZsCsWehnJx4DrcBpcooPFijU69eBgbrM5d7BaN7jPZ rttzw3P5nm74c0V5SBI3rAHdPz0aK6uvci2kpHOGGcgpJLpaX5woj2hMmwEmlVwp q8bfFY1CkLrC69vIs0zu55MS8UFwSGzYUH575mo8kzBj1ieKGlf7BaU4axqSJdkI Mx5KzRPtUOza/xBU9NWMpOYdrX8mWDpCYXenQ4yPeTjeiFAgqibHEwauXkRoZZ/k qCZpzSVvPFvwfWRvHdoUC7qINKChDkjh3oD46cGf139jaoOf7L/IebmWIaPMVAqv BdTQi1mPE5ZK70/DznZfHy69xhFYO+MS53A0RyXZBZtZ7Vn4008rWINYSf/Q/X3m cStsCvSqZOtGLj0irfI3wyoPBltD3HX7eB2sCO6sJ3IFKOdzBoAL0HBdDP+4GCuU A2JQafdU2OsOlIYesmRRQicS10eo49By0ezEJ3hubUQWS82AkOtgyFIYurfENyD8 PHu4ajHfp/fNCn3f18I3DTPMro0ekxvvbKXTlVsD6X1rWMCz6toeaMX8pXd3EZPZ gnADdxpKc0nBFPoR07My7HISTSEDgwRcJdr2Xwf/ZoAxyR9HLIGRhiJFekCZbAsY PQ3rZOaPjuOvA09T8CN+seOQq/IGEO/VB9LIrBgJNs4= =KWP9 -----END PGP SIGNATURE----- . CVE-2018-4102: Kai Zhao of 3H security team CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com) Safari Login AutoFill Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. CVE-2018-4117: an anonymous researcher, an anonymous researcher Additional recognition WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance. Installation note: Safari 11.1 may be obtained from the Mac App Store

Trust: 3.06

sources: NVD: CVE-2018-4162 // JVNDB: JVNDB-2018-003687 // ZDI: ZDI-18-275 // VULHUB: VHN-134193 // VULMON: CVE-2018-4162 // PACKETSTORM: 149059 // PACKETSTORM: 147241 // PACKETSTORM: 147433 // PACKETSTORM: 146966 // PACKETSTORM: 146969 // PACKETSTORM: 146970 // PACKETSTORM: 146971

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lt	version:	12.7.4	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.4	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3	Trust: 1.0
vendor:	webkitgtk	model:	webkitgtk\+	scope:	lt	version:	2.20.4	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	17.10	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.4 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.4 ( target os : windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (macos high sierra 10.13.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	tv	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	1.1.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.2.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.4.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.3.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	1.0.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.3.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.0.0	Trust: 0.6

sources: ZDI: ZDI-18-275 // JVNDB: JVNDB-2018-003687 // CNNVD: CNNVD-201804-149 // NVD: CVE-2018-4162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4162
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4162
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-4162
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201804-149
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134193
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4162
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4162
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
VULHUB:	VHN-134193
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4162
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-275 // VULHUB: VHN-134193 // VULMON: CVE-2018-4162 // JVNDB: JVNDB-2018-003687 // CNNVD: CNNVD-201804-149 // NVD: CVE-2018-4162

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134193 // JVNDB: JVNDB-2018-003687 // NVD: CVE-2018-4162

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 147433 // CNNVD: CNNVD-201804-149

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201804-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003687

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134193

PATCH

title:	HT208697	url:	https://support.apple.com/en-us/HT208697	Trust: 0.8
title:	HT208698	url:	https://support.apple.com/en-us/HT208698	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/en-us/HT208693	Trust: 0.8
title:	HT208694	url:	https://support.apple.com/en-us/HT208694	Trust: 0.8
title:	HT208695	url:	https://support.apple.com/en-us/HT208695	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/en-us/HT208696	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/ja-jp/HT208693	Trust: 0.8
title:	HT208694	url:	https://support.apple.com/ja-jp/HT208694	Trust: 0.8
title:	HT208695	url:	https://support.apple.com/ja-jp/HT208695	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/ja-jp/HT208696	Trust: 0.8
title:	HT208697	url:	https://support.apple.com/ja-jp/HT208697	Trust: 0.8
title:	HT208698	url:	https://support.apple.com/ja-jp/HT208698	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/kb/HT201222	Trust: 0.7
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83001	Trust: 0.6
title:	Apple: Safari 11.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ee3f60ca20e25abaeeaa2929b7de559a	Trust: 0.1
title:	Apple: watchOS 4.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0c9672f464c8ecdde98d280637ecb1c5	Trust: 0.1
title:	Apple: iCloud for Windows 7.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=3c324dcae1b032626ce2245c5900fb36	Trust: 0.1
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3635-1	Trust: 0.1
title:	Apple: iTunes 12.7.4 for Windows	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1b3706ef4ba6948ac20ebbbcffe7bc29	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1
title:	Apple: tvOS 11.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0eeec7064403af3bc921bd387f797adc	Trust: 0.1
title:	Apple: iOS 11.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=66db9acd354635a683838e3cd9bc2d76	Trust: 0.1

sources: ZDI: ZDI-18-275 // VULMON: CVE-2018-4162 // JVNDB: JVNDB-2018-003687 // CNNVD: CNNVD-201804-149

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4162	Trust: 4.0
db:	SECTRACK	id:	1040604	Trust: 1.8
db:	PACKETSTORM	id:	158874	Trust: 1.8
db:	JVN	id:	JVNVU92378299	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-003687	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5604	Trust: 0.7
db:	ZDI	id:	ZDI-18-275	Trust: 0.7
db:	CNNVD	id:	CNNVD-201804-149	Trust: 0.7
db:	CXSECURITY	id:	WLB-2020080074	Trust: 0.6
db:	VULHUB	id:	VHN-134193	Trust: 0.1
db:	VULMON	id:	CVE-2018-4162	Trust: 0.1
db:	PACKETSTORM	id:	149059	Trust: 0.1
db:	PACKETSTORM	id:	147241	Trust: 0.1
db:	PACKETSTORM	id:	147433	Trust: 0.1
db:	PACKETSTORM	id:	146966	Trust: 0.1
db:	PACKETSTORM	id:	146969	Trust: 0.1
db:	PACKETSTORM	id:	146970	Trust: 0.1
db:	PACKETSTORM	id:	146971	Trust: 0.1

sources: ZDI: ZDI-18-275 // VULHUB: VHN-134193 // VULMON: CVE-2018-4162 // JVNDB: JVNDB-2018-003687 // PACKETSTORM: 149059 // PACKETSTORM: 147241 // PACKETSTORM: 147433 // PACKETSTORM: 146966 // PACKETSTORM: 146969 // PACKETSTORM: 146970 // PACKETSTORM: 146971 // CNNVD: CNNVD-201804-149 // NVD: CVE-2018-4162

REFERENCES

url:	https://security.gentoo.org/glsa/201808-04	Trust: 1.9
url:	http://packetstormsecurity.com/files/158874/safari-webkit-for-ios-7.1.2-jit-optimization-bug.html	Trust: 1.9
url:	https://usn.ubuntu.com/3635-1/	Trust: 1.9
url:	https://support.apple.com/ht208693	Trust: 1.8
url:	https://support.apple.com/ht208694	Trust: 1.8
url:	https://support.apple.com/ht208695	Trust: 1.8
url:	https://support.apple.com/ht208696	Trust: 1.8
url:	https://support.apple.com/ht208697	Trust: 1.8
url:	https://support.apple.com/ht208698	Trust: 1.8
url:	http://www.securitytracker.com/id/1040604	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4162	Trust: 1.5
url:	https://support.apple.com/kb/ht201222	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4162	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92378299/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4101	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4114	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4120	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4163	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4127	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4165	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4125	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4128	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4118	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4113	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4122	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4119	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4146	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4129	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4117	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4161	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2020080074	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4121	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4133	Trust: 0.4
url:	https://www.apple.com/support/security/pgp/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4130	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4144	Trust: 0.3
url:	https://webkitgtk.org/security/wsa-2018-0003.html	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208695	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4265	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4233	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2018-0004.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4264	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4232	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4261	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11713	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4204	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4263	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11646	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4270	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12293	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12294	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4262	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4284	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4266	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4273	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2018-0006.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4192	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4201	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4267	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4272	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4200	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4199	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11712	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4278	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2018-0005.html	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4218	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3635-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4155	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4143	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4142	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4166	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4115	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4104	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4150	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4167	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4157	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4102	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4116	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4137	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1

CREDITS

WanderingGlitch - Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-18-275

SOURCES

db:	ZDI	id:	ZDI-18-275
db:	VULHUB	id:	VHN-134193
db:	VULMON	id:	CVE-2018-4162
db:	JVNDB	id:	JVNDB-2018-003687
db:	PACKETSTORM	id:	149059
db:	PACKETSTORM	id:	147241
db:	PACKETSTORM	id:	147433
db:	PACKETSTORM	id:	146966
db:	PACKETSTORM	id:	146969
db:	PACKETSTORM	id:	146970
db:	PACKETSTORM	id:	146971
db:	CNNVD	id:	CNNVD-201804-149
db:	NVD	id:	CVE-2018-4162

LAST UPDATE DATE

2024-11-20T19:32:24.876000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-275	date:	2018-04-06T00:00:00
db:	VULHUB	id:	VHN-134193	date:	2020-08-14T00:00:00
db:	VULMON	id:	CVE-2018-4162	date:	2020-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-003687	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201804-149	date:	2020-08-17T00:00:00
db:	NVD	id:	CVE-2018-4162	date:	2020-08-14T23:15:12.293

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-275	date:	2018-04-06T00:00:00
db:	VULHUB	id:	VHN-134193	date:	2018-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4162	date:	2018-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-003687	date:	2018-06-01T00:00:00
db:	PACKETSTORM	id:	149059	date:	2018-08-23T18:40:24
db:	PACKETSTORM	id:	147241	date:	2018-04-18T13:33:33
db:	PACKETSTORM	id:	147433	date:	2018-05-02T04:32:41
db:	PACKETSTORM	id:	146966	date:	2018-03-30T15:52:53
db:	PACKETSTORM	id:	146969	date:	2018-03-30T15:55:24
db:	PACKETSTORM	id:	146970	date:	2018-03-30T15:55:41
db:	PACKETSTORM	id:	146971	date:	2018-03-30T15:56:03
db:	CNNVD	id:	CNNVD-201804-149	date:	2018-04-03T00:00:00
db:	NVD	id:	CVE-2018-4162	date:	2018-04-03T06:29:07.467