ID

VAR-201804-1186


CVE

CVE-2018-4127


TITLE

plural Apple Used in products Webkit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-003707

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of RenderLayer objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.3; Safari prior to 11.1; Windows-based iCloud prior to 7.4; Windows-based iTunes prior to 12.7.4; tvOS prior to 11.3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4" References ========== [ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0003 ------------------------------------------------------------------------ Date reported : April 04, 2018 Advisory ID : WSA-2018-0003 Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. Several vulnerabilities were discovered in WebKitGTK+. Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to OSS-Fuzz. Impact: Unexpected interaction with indexing types causing an ASSERT failure. Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks. Credit to OSS-Fuzz. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: A malicious website may exfiltrate data cross-origin. Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Zach Markley. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation. Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack. This issue was addressed with improved URL validation. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to a denial of service. Description: A memory corruption issue was addressed through improved input validation. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, April 04, 2018 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-1 iOS 11.3 iOS 11.3 is now available and addresses the following: Clock Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: An information disclosure issue existed in the handling of alarms and timers. CVE-2018-4123: Zaheen Hafzar M M (@zaheenhafzer) CoreFoundation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4155: Samuel GroA (@5aelo) CVE-2018-4158: Samuel GroA (@5aelo) CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to a denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH File System Events Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4167: Samuel GroA (@5aelo) Files Widget Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: File Widget may display contents on a locked device Description: The File Widget was displaying cached data when in the locked state. CVE-2018-4168: Brandon Moore Find My iPhone Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed when restoring from a back up. CVE-2018-4172: Viljami VastamA$?ki iCloud Drive Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4151: Samuel GroA (@5aelo) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4150: an anonymous researcher Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC) Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6) Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4174: an anonymous researcher, an anonymous researcher NSURLSession Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo) PluginKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4156: Samuel GroA (@5aelo) Quick Look Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4134: xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department Safari Login AutoFill Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. CVE-2018-4137: SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to user interface spoofing Description: A state management issue was addressed by disabling text input until the destination page loads. CVE-2018-4149: Abhinash Jain (@abhinashjain) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo) Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4154: Samuel GroA (@5aelo) System Preferences Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. CVE-2018-4115: Johann Thalakada, Vladimir Zubkov, and Matt Vlasach of Wandera Telephony Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker can cause a device to unexpectedly restart Description: A null pointer dereference issue existed when handling Class 0 SMS messages. CVE-2018-4140: @mjonsson, Arjan van der Oest of Voiceworks BV Web App Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in web app Description: A cookie management issue was addressed through improved state management. CVE-2018-4110: Ben Compton and Jason Colley of Cerner Corporation WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. CVE-2018-4117: an anonymous researcher, an anonymous researcher WindowServer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An unprivileged application may be able to log keystrokes entered into other applications even when secure input mode is enabled Description: By scanning key states, an unprivileged application could log keystrokes entered into other applications even when secure input mode was enabled. CVE-2018-4131: Andreas Hegenberg of folivora.AI GmbH Additional recognition WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbhLRAA to9k0U/CI3PfYp2o2lluS7LgE3jvA7+pXvdjbvoh14BFHf9Wv+yhdtyLQEDSne+0 TM8BkiMgEmo+uKKcVFCDeV9GrkWqO7ocBfT65hj4A/vxPAS6xlBTV9mjZXiqvSWs +Cbb4Nd53o6m2QRORkjNVZ2h0ow53J5RirnyzjWt4LMdCpc4jMG87OCuQheKzjxq g6gOlwblVrRxH6aMX5if/SetGGxzZeY5sKwe1Xhz6yIYsm1Gw45REt3FJs4KEh5Z oL+yWVvaGLOPDzC+DBX0dXJmsqLx9wzDJsqQ2J6Mb/nh1Tgh6NDdHkDCAZ7P6CeU 0IpXK7aaPkRy5GUbkAdzdPEFql9e0/jGlqMf/rZlNTItbgtn0+9e2zsJ0UPPRcWi +7IQygkXnXmYUZ0wrh/Wdye/jAJZpLdsUuWr1RalTdmDASU/tzgpoglf3EyTQoRy IqFGRSe6+no8Pw1qCLUvZz8C6dTKvE+Jv5oe9XbCEjsvpRmQZK64FiQ0HIaAMHKo Rl9OY6+evzyqdAtivE4AFCRT7Z15pktFYAVefWkdVFbVU2mCYF+peXIq6tGg4o+g 70E29XaDZBakcVho9bW4e2rDA+m606ILuZ4AyjEEvfRYH+d+WTvDqdIywq0V7grj qlU787sRw/tVx646jcHVqbYZEgZVmeAvcT8C2c0Zhvo= =RJi8 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3635-1 April 30, 2018 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3635-1 CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1 . Installation note: Safari 11.1 may be obtained from the Mac App Store

Trust: 3.06

sources: NVD: CVE-2018-4127 // JVNDB: JVNDB-2018-003707 // ZDI: ZDI-18-274 // VULHUB: VHN-134158 // VULMON: CVE-2018-4127 // PACKETSTORM: 149059 // PACKETSTORM: 147241 // PACKETSTORM: 146964 // PACKETSTORM: 147433 // PACKETSTORM: 146969 // PACKETSTORM: 146970 // PACKETSTORM: 146971

AFFECTED PRODUCTS

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:applemodel:safariscope:ltversion:11.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:11.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:17.10

Trust: 1.0

vendor:webkitgtkmodel:webkitgtk\+scope:ltversion:2.20.4

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.4

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.7.4

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.4 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.3 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.7.4 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1 (macos high sierra 10.13.4)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1 (os x el capitan 10.11.6)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.3 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.3 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.7

vendor:applemodel:itunesscope:eqversion:11.1.5

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:11.1.4

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:12.2

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:10.6.3

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:12.2.2

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:10.6.1

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:11.2.1

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:11.0

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:11.2

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.6

sources: ZDI: ZDI-18-274 // JVNDB: JVNDB-2018-003707 // CNNVD: CNNVD-201804-179 // NVD: CVE-2018-4127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4127
value: HIGH

Trust: 1.0

NVD: CVE-2018-4127
value: HIGH

Trust: 0.8

ZDI: CVE-2018-4127
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201804-179
value: HIGH

Trust: 0.6

VULHUB: VHN-134158
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4127
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4127
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.6

VULHUB: VHN-134158
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4127
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-274 // VULHUB: VHN-134158 // VULMON: CVE-2018-4127 // JVNDB: JVNDB-2018-003707 // CNNVD: CNNVD-201804-179 // NVD: CVE-2018-4127

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134158 // JVNDB: JVNDB-2018-003707 // NVD: CVE-2018-4127

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 147433 // CNNVD: CNNVD-201804-179

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201804-179

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003707

PATCH

title:HT208698url:https://support.apple.com/en-us/HT208698

Trust: 0.8

title:HT208693url:https://support.apple.com/en-us/HT208693

Trust: 0.8

title:HT208694url:https://support.apple.com/en-us/HT208694

Trust: 0.8

title:HT208695url:https://support.apple.com/en-us/HT208695

Trust: 0.8

title:HT208697url:https://support.apple.com/en-us/HT208697

Trust: 0.8

title:HT208693url:https://support.apple.com/ja-jp/HT208693

Trust: 0.8

title:HT208694url:https://support.apple.com/ja-jp/HT208694

Trust: 0.8

title:HT208695url:https://support.apple.com/ja-jp/HT208695

Trust: 0.8

title:HT208697url:https://support.apple.com/ja-jp/HT208697

Trust: 0.8

title:HT208698url:https://support.apple.com/ja-jp/HT208698

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/kb/HT201222

Trust: 0.7

title:Multiple Apple product WebKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83031

Trust: 0.6

title:Apple: Safari 11.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ee3f60ca20e25abaeeaa2929b7de559a

Trust: 0.1

title:Apple: iCloud for Windows 7.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=3c324dcae1b032626ce2245c5900fb36

Trust: 0.1

title:Ubuntu Security Notice: webkit2gtk vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3635-1

Trust: 0.1

title:Apple: iTunes 12.7.4 for Windowsurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1b3706ef4ba6948ac20ebbbcffe7bc29

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4

Trust: 0.1

title:Apple: tvOS 11.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0eeec7064403af3bc921bd387f797adc

Trust: 0.1

title:Apple: iOS 11.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=66db9acd354635a683838e3cd9bc2d76

Trust: 0.1

sources: ZDI: ZDI-18-274 // VULMON: CVE-2018-4127 // JVNDB: JVNDB-2018-003707 // CNNVD: CNNVD-201804-179

EXTERNAL IDS

db:NVDid:CVE-2018-4127

Trust: 4.0

db:SECTRACKid:1040604

Trust: 1.8

db:JVNid:JVNVU92378299

Trust: 0.8

db:JVNDBid:JVNDB-2018-003707

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-5388

Trust: 0.7

db:ZDIid:ZDI-18-274

Trust: 0.7

db:CNNVDid:CNNVD-201804-179

Trust: 0.6

db:VULHUBid:VHN-134158

Trust: 0.1

db:VULMONid:CVE-2018-4127

Trust: 0.1

db:PACKETSTORMid:149059

Trust: 0.1

db:PACKETSTORMid:147241

Trust: 0.1

db:PACKETSTORMid:146964

Trust: 0.1

db:PACKETSTORMid:147433

Trust: 0.1

db:PACKETSTORMid:146969

Trust: 0.1

db:PACKETSTORMid:146970

Trust: 0.1

db:PACKETSTORMid:146971

Trust: 0.1

sources: ZDI: ZDI-18-274 // VULHUB: VHN-134158 // VULMON: CVE-2018-4127 // JVNDB: JVNDB-2018-003707 // PACKETSTORM: 149059 // PACKETSTORM: 147241 // PACKETSTORM: 146964 // PACKETSTORM: 147433 // PACKETSTORM: 146969 // PACKETSTORM: 146970 // PACKETSTORM: 146971 // CNNVD: CNNVD-201804-179 // NVD: CVE-2018-4127

REFERENCES

url:https://security.gentoo.org/glsa/201808-04

Trust: 1.9

url:https://usn.ubuntu.com/3635-1/

Trust: 1.9

url:https://support.apple.com/ht208693

Trust: 1.8

url:https://support.apple.com/ht208694

Trust: 1.8

url:https://support.apple.com/ht208695

Trust: 1.8

url:https://support.apple.com/ht208697

Trust: 1.8

url:https://support.apple.com/ht208698

Trust: 1.8

url:http://www.securitytracker.com/id/1040604

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4127

Trust: 1.5

url:https://support.apple.com/kb/ht201222

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4127

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92378299/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4101

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4114

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4120

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4125

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4128

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4118

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4113

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4122

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4117

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4119

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4146

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4129

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4163

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4165

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4162

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4121

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-4161

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-4133

Trust: 0.4

url:https://www.apple.com/support/security/pgp/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-4130

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-4144

Trust: 0.3

url:https://webkitgtk.org/security/wsa-2018-0003.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4137

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht208695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4265

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4233

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2018-0004.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4264

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4261

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11713

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4204

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4263

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11646

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4214

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4262

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4266

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4273

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2018-0006.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4192

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4201

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4267

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4272

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4199

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4278

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2018-0005.html

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4218

Trust: 0.1

url:https://webkitgtk.org/security.html

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4123

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4142

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4110

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4131

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4104

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4150

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3635-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4102

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4116

Trust: 0.1

url:https://www.apple.com/itunes/download/

Trust: 0.1

url:https://support.apple.com/ht204283

Trust: 0.1

sources: ZDI: ZDI-18-274 // VULHUB: VHN-134158 // VULMON: CVE-2018-4127 // JVNDB: JVNDB-2018-003707 // PACKETSTORM: 149059 // PACKETSTORM: 147241 // PACKETSTORM: 146964 // PACKETSTORM: 147433 // PACKETSTORM: 146969 // PACKETSTORM: 146970 // PACKETSTORM: 146971 // CNNVD: CNNVD-201804-179 // NVD: CVE-2018-4127

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-18-274

SOURCES

db:ZDIid:ZDI-18-274
db:VULHUBid:VHN-134158
db:VULMONid:CVE-2018-4127
db:JVNDBid:JVNDB-2018-003707
db:PACKETSTORMid:149059
db:PACKETSTORMid:147241
db:PACKETSTORMid:146964
db:PACKETSTORMid:147433
db:PACKETSTORMid:146969
db:PACKETSTORMid:146970
db:PACKETSTORMid:146971
db:CNNVDid:CNNVD-201804-179
db:NVDid:CVE-2018-4127

LAST UPDATE DATE

2024-11-23T21:19:16.108000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-274date:2018-04-06T00:00:00
db:VULHUBid:VHN-134158date:2019-03-08T00:00:00
db:VULMONid:CVE-2018-4127date:2019-03-08T00:00:00
db:JVNDBid:JVNDB-2018-003707date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201804-179date:2019-03-13T00:00:00
db:NVDid:CVE-2018-4127date:2024-11-21T04:06:49.120

SOURCES RELEASE DATE

db:ZDIid:ZDI-18-274date:2018-04-06T00:00:00
db:VULHUBid:VHN-134158date:2018-04-03T00:00:00
db:VULMONid:CVE-2018-4127date:2018-04-03T00:00:00
db:JVNDBid:JVNDB-2018-003707date:2018-06-01T00:00:00
db:PACKETSTORMid:149059date:2018-08-23T18:40:24
db:PACKETSTORMid:147241date:2018-04-18T13:33:33
db:PACKETSTORMid:146964date:2018-03-30T15:52:10
db:PACKETSTORMid:147433date:2018-05-02T04:32:41
db:PACKETSTORMid:146969date:2018-03-30T15:55:24
db:PACKETSTORMid:146970date:2018-03-30T15:55:41
db:PACKETSTORMid:146971date:2018-03-30T15:56:03
db:CNNVDid:CNNVD-201804-179date:2018-04-03T00:00:00
db:NVDid:CVE-2018-4127date:2018-04-03T06:29:05.623