Details of VAR-201806-1462

ID

VAR-201806-1462

CVE

CVE-2018-4218

TITLE

plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-005543

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4215: Abraham Masri (@cheesecakeufo) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: A validation issue existed in the handling of phone numbers. This issue was addressed with improved validation of phone numbers. CVE-2018-4100: Abraham Masri (@cheesecakeufo) FontParser Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative Magnifier Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen Description: A permissions issue existed in Magnifier. This was addressed with additional permission checks. CVE-2018-4239: an anonymous researcher Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd CVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise Solutions Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificaties. This issue was addressed with improved validation of S-MIME certificates. CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to enable Siri from the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can BIKMAZ (@CanBkmaz) of Mustafa Kemal University Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn) Siri Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with physical access to a device may be able to see private contact information Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4244: an anonymous researcher UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 11.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa1ApHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHObHBAA jBRwdrK3Eks7V798k16MQFOvlqkofZWO3D+Qxb5OSzxixGy0r/vml78tnerJ546C p9UrL/1IxH1PERiWevubg6nbWFstBrOhY0FWLiope9oLAMB92iMM/7a+O/6EHjOc 9p6Y/Bud0OwFHEoJmN4HLGMUubm1uTAdalXSmfanxuFvjpxAeczYvW/+wAblOnHr KfclXy68dfUlW0NMP0kbQwnk1lVrb8QKEeayYli19c8zSVC38eYyKYZwhRC37yWT ViBRSz9zVvgJQKX4JgjV6cRO3uIFZX+sksr6VdMM0nHjsTUT6Mc+IAe9Is3YlJCO x0H8+WeloeKrwNDs60Grz7tRNVpevIlInLEQJkuoOD3niWqzt0Q40IzCNlgd8FBv ZB5iencgWy/ObRJSgoOq29EIlt+KEb9nSJx3h6kByo0ZxYhSVrDm44cHzCF0+/zN vY4XR3hJpc1S3ySiSkWHIhqjPAEP7cb/D7Az/5SGgle8cklem5haOdzAkeOHnzim laKEg+F3vue6W+n9iv0x0byVBhC5Xr1iNuRh7+uor5TIVPR2s4moWOWvyTruG2Kk RLlL700y2OZl/04nTgxxShCwLygXiKd07nuFIh4fKiMcGw31HKx1Choof6sPHqzo Grg2dx9YQXTCTIsdDNG581MIwzVvJPLSM5OeNsHQEd0= =7ZCv -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About". ========================================================================== Ubuntu Security Notice USN-3687-1 June 18, 2018 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.18.04.1 Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3687-1 CVE-2018-12293, CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.16.04.1

Trust: 2.61

sources: NVD: CVE-2018-4218 // JVNDB: JVNDB-2018-005543 // VULHUB: VHN-134249 // VULMON: CVE-2018-4218 // PACKETSTORM: 148017 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148219 // PACKETSTORM: 148016

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	11.1.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	17.10	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.7.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.5	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	icloud	scope:	lt	version:	7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos high sierra 10.13.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 0.6

sources: JVNDB: JVNDB-2018-005543 // CNNVD: CNNVD-201806-614 // NVD: CVE-2018-4218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4218
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4218
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-614
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134249
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4218
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4218
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134249
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4218
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134249 // VULMON: CVE-2018-4218 // JVNDB: JVNDB-2018-005543 // CNNVD: CNNVD-201806-614 // NVD: CVE-2018-4218

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-134249 // JVNDB: JVNDB-2018-005543 // NVD: CVE-2018-4218

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 148219 // CNNVD: CNNVD-201806-614

TYPE

overflow, code execution

Trust: 0.8

sources: PACKETSTORM: 148017 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005543

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134249 // VULMON: CVE-2018-4218

PATCH

title:	HT208853	url:	https://support.apple.com/en-us/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/en-us/HT208854	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/en-us/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/en-us/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/en-us/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/en-us/HT208852	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/ja-jp/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/ja-jp/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/ja-jp/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/ja-jp/HT208852	Trust: 0.8
title:	HT208853	url:	https://support.apple.com/ja-jp/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/ja-jp/HT208854	Trust: 0.8
title:	USN-3687-1	url:	https://usn.ubuntu.com/3687-1/	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80808	Trust: 0.6
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3687-1	Trust: 0.1
title:	Apple: Safari 11.1.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a694f067de60896ce5475c3b24f85ae2	Trust: 0.1
title:	Apple: iTunes 12.7.5 for Windows	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=427778ba6ddba25910ede3bba3ecff86	Trust: 0.1
title:	Apple: iCloud for Windows 7.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=02a7454fe2f6b5665d8cc96d80b7dfc4	Trust: 0.1
title:	Apple: watchOS 4.3.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f4c2f01c97a0857022a69b5486be838	Trust: 0.1
title:	Apple: tvOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d2d0b1ec71830547fb971d63ee3beadb	Trust: 0.1
title:	Apple: iOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f3db097f895347566033494c2dda90b	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1

sources: VULMON: CVE-2018-4218 // JVNDB: JVNDB-2018-005543 // CNNVD: CNNVD-201806-614

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4218	Trust: 3.5
db:	EXPLOIT-DB	id:	44861	Trust: 1.8
db:	SECTRACK	id:	1041029	Trust: 1.8
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005543	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-614	Trust: 0.7
db:	PACKETSTORM	id:	148092	Trust: 0.1
db:	SEEBUG	id:	SSVID-97334	Trust: 0.1
db:	VULHUB	id:	VHN-134249	Trust: 0.1
db:	VULMON	id:	CVE-2018-4218	Trust: 0.1
db:	PACKETSTORM	id:	148017	Trust: 0.1
db:	PACKETSTORM	id:	148645	Trust: 0.1
db:	PACKETSTORM	id:	148644	Trust: 0.1
db:	PACKETSTORM	id:	148028	Trust: 0.1
db:	PACKETSTORM	id:	148018	Trust: 0.1
db:	PACKETSTORM	id:	148026	Trust: 0.1
db:	PACKETSTORM	id:	148027	Trust: 0.1
db:	PACKETSTORM	id:	148219	Trust: 0.1
db:	PACKETSTORM	id:	148016	Trust: 0.1

sources: VULHUB: VHN-134249 // VULMON: CVE-2018-4218 // JVNDB: JVNDB-2018-005543 // PACKETSTORM: 148017 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148219 // PACKETSTORM: 148016 // CNNVD: CNNVD-201806-614 // NVD: CVE-2018-4218

REFERENCES

url:	https://www.exploit-db.com/exploits/44861/	Trust: 1.9
url:	https://usn.ubuntu.com/3687-1/	Trust: 1.9
url:	https://support.apple.com/ht208848	Trust: 1.8
url:	https://support.apple.com/ht208850	Trust: 1.8
url:	https://support.apple.com/ht208851	Trust: 1.8
url:	https://support.apple.com/ht208852	Trust: 1.8
url:	https://support.apple.com/ht208853	Trust: 1.8
url:	https://support.apple.com/ht208854	Trust: 1.8
url:	https://security.gentoo.org/glsa/201808-04	Trust: 1.8
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1553	Trust: 1.8
url:	http://www.securitytracker.com/id/1041029	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4218	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4233	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4222	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4218	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://support.apple.com/kb/ht201222	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4214	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4192	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4201	Trust: 0.8
url:	https://www.apple.com/support/security/pgp/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4190	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4232	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4246	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4224	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4199	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4188	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4225	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4204	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4226	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4235	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4198	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4240	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4237	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4223	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4211	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4241	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4200	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4249	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4243	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4206	Trust: 0.4
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4238	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4202	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4215	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4221	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4227	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4100	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4239	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.16.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12293	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3687-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.17.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4247	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4205	Trust: 0.1

CREDITS

Apple

Trust: 0.8

SOURCES

db:	VULHUB	id:	VHN-134249
db:	VULMON	id:	CVE-2018-4218
db:	JVNDB	id:	JVNDB-2018-005543
db:	PACKETSTORM	id:	148017
db:	PACKETSTORM	id:	148645
db:	PACKETSTORM	id:	148644
db:	PACKETSTORM	id:	148028
db:	PACKETSTORM	id:	148018
db:	PACKETSTORM	id:	148026
db:	PACKETSTORM	id:	148027
db:	PACKETSTORM	id:	148219
db:	PACKETSTORM	id:	148016
db:	CNNVD	id:	CNNVD-201806-614
db:	NVD	id:	CVE-2018-4218

LAST UPDATE DATE

2025-02-22T22:59:48.103000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134249	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-4218	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-005543	date:	2018-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201806-614	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2018-4218	date:	2024-11-21T04:06:59.627

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134249	date:	2018-06-08T00:00:00
db:	VULMON	id:	CVE-2018-4218	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-005543	date:	2018-07-20T00:00:00
db:	PACKETSTORM	id:	148017	date:	2018-06-04T15:58:18
db:	PACKETSTORM	id:	148645	date:	2018-07-23T15:22:22
db:	PACKETSTORM	id:	148644	date:	2018-07-23T14:04:44
db:	PACKETSTORM	id:	148028	date:	2018-06-04T16:10:27
db:	PACKETSTORM	id:	148018	date:	2018-06-04T15:58:45
db:	PACKETSTORM	id:	148026	date:	2018-06-04T16:09:27
db:	PACKETSTORM	id:	148027	date:	2018-06-04T16:10:01
db:	PACKETSTORM	id:	148219	date:	2018-06-18T16:11:08
db:	PACKETSTORM	id:	148016	date:	2018-06-04T15:57:32
db:	CNNVD	id:	CNNVD-201806-614	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-4218	date:	2018-06-08T18:29:01.290