Details of VAR-201806-1482

ID

VAR-201806-1482

CVE

CVE-2018-4192

TITLE

plural Apple Used in products Webkit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-005549

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4215: Abraham Masri (@cheesecakeufo) Bluetooth Available for: iPhone X, iPhone 8, iPhone 8 Plus, iPad 6th generation, and iPad Air 2 Not impacted: HomePod Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: A validation issue existed in the handling of phone numbers. CVE-2018-4100: Abraham Masri (@cheesecakeufo) FontParser Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative Magnifier Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen Description: A permissions issue existed in Magnifier. This was addressed with additional permission checks. CVE-2018-4239: an anonymous researcher Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail Description: An issue existed in the handling of encrypted Mail. CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd CVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise Solutions Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificaties. CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to enable Siri from the lock screen Description: An issue existed with Siri permissions. CVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can BIKMAZ (@CanBkmaz) of Mustafa Kemal University Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. CVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn) Siri Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with physical access to a device may be able to see private contact information Description: An issue existed with Siri permissions. CVE-2018-4244: an anonymous researcher UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 11.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUshMACgkQ8ecVjteJ iCbspA//aVxu/EdiaNxNRmRDFB8LpqKa3xjJdfkK9cJRYZ+eBHJZjBfzj4BzABuG Xow7FkEE7LSQpCeJ08Ggo6vVQUdR4+etQ2UfjQWGX6qIvLZUXK0lw2x5XdTP0q4m WmNoZcdK3cmbVXGMWUZRUrYPTWwMnTMsPpPoDoptaQRseN+K/0kdwsQZtdqeN9sq GN3Qp6AW6WR1gUAgDriIyzFXTxJ8NmKx2+4B5O2w0TbmzxGa/F5ZUjw4D/wwJJPA /RXAwseJMghPfbi9tNcjUhbGFfcnr5JvyGfY2GESFc7odWt2XSpePHr6qaJzogBr KeJKOVpgTdS4PO37+KDUfQDIElSnYQVTff8Tinxg/Zojafp0PxYkDYRxw7i16YKU HsB7R0o5Yi5YD4uG5ioMj4RspQDWozzveVvvtah6/bWChQQwD3XHr6JRM6oJ106G wNx2EHfRRXFQCY680RfE8hN/98IJRrCF6nIdO9zBbzGM/Ihzr02F0qSrdB5/PXSq S6EwJi0M5ia/KMFSO7EY5qQ2aipyDC3WPkvQrHtpsqstMrktyJOYGbm/t39WmIBb gC92rxvNFr5mO8Owypu1/tloGr15zIxPGR6OXA/DVxdRm2/UmW1tsqQfKgporJMD de6uiZJb8p8X36KC7YmHLTApYL3CaZebJIIOmf8tKjQUxxbR9wE= =nII0 -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 ------------------------------------------------------------------------ Date reported : June 13, 2018 Advisory ID : WSA-2018-0005 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0005.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0005.html CVE identifiers : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. Credit to Jun Kokatsu (@shhnjk). Impact: Visiting a maliciously crafted website may leak sensitive data. Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative. Description: A race condition was addressed with improved locking. Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative. Description: A buffer overflow issue was addressed with improved memory handling. Credit to an anonymous researcher. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to an unexpected application crash. Description: A memory corruption issue was addressed with improved input validation. Credit to Natalie Silvanovich of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Natalie Silvanovich of Google Project Zero. Description: An out-of-bounds read was addressed with improved input validation. Credit to Aymeric Chaib. Impact: Visiting a maliciously crafted website may lead to cookies being overwritten. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. Credit to Samuel Gross (@5aelo) working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Mishra Dhiraj. Maliciously crafted web content could trigger an application crash in WebKitFaviconDatabase, caused by mishandling unexpected input. Credit to Metrological Group B.V. The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections. Credit to Dirkjan Ochtman. The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. Credit to ADlab of Venustech. Maliciously crafted web content could achieve a heap buffer overflow in ImageBufferCairo by exploiting multiple integer overflow issues. Credit to ADlab of Venustech. Maliciously crafted web content could trigger a use-after-free of a TextureMapperLayer object. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running a safe version of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, June 13, 2018 . Alternatively, on your watch, select "My Watch > General > About"

Trust: 2.52

sources: NVD: CVE-2018-4192 // JVNDB: JVNDB-2018-005549 // VULHUB: VHN-134223 // VULMON: CVE-2018-4192 // PACKETSTORM: 148017 // PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148200 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	11.1.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.7.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos high sierra 10.13.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	2	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 0.6

sources: JVNDB: JVNDB-2018-005549 // CNNVD: CNNVD-201806-625 // NVD: CVE-2018-4192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4192
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4192
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-625
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134223
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4192
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4192
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134223
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4192
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134223 // VULMON: CVE-2018-4192 // JVNDB: JVNDB-2018-005549 // CNNVD: CNNVD-201806-625 // NVD: CVE-2018-4192

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-134223 // JVNDB: JVNDB-2018-005549 // NVD: CVE-2018-4192

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-625

TYPE

overflow, code execution

Trust: 0.7

sources: PACKETSTORM: 148017 // PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005549

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134223 // VULMON: CVE-2018-4192

PATCH

title:	HT208853	url:	https://support.apple.com/en-us/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/en-us/HT208854	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/en-us/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/en-us/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/en-us/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/en-us/HT208852	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/ja-jp/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/ja-jp/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/ja-jp/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/ja-jp/HT208852	Trust: 0.8
title:	HT208853	url:	https://support.apple.com/ja-jp/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/ja-jp/HT208854	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80819	Trust: 0.6
title:	Apple: Safari 11.1.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a694f067de60896ce5475c3b24f85ae2	Trust: 0.1
title:	Apple: iTunes 12.7.5 for Windows	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=427778ba6ddba25910ede3bba3ecff86	Trust: 0.1
title:	Apple: iCloud for Windows 7.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=02a7454fe2f6b5665d8cc96d80b7dfc4	Trust: 0.1
title:	Apple: watchOS 4.3.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f4c2f01c97a0857022a69b5486be838	Trust: 0.1
title:	Apple: tvOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d2d0b1ec71830547fb971d63ee3beadb	Trust: 0.1
title:	Apple: iOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f3db097f895347566033494c2dda90b	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1
title:	Exploits	url:	https://github.com/dothanthitiendiettiende/Exploits	Trust: 0.1
title:	P2O_2018	url:	https://github.com/ret2/P2O_2018	Trust: 0.1
title:	KB	url:	https://github.com/rudinyu/KB	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1

sources: VULMON: CVE-2018-4192 // JVNDB: JVNDB-2018-005549 // CNNVD: CNNVD-201806-625

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4192	Trust: 3.4
db:	EXPLOIT-DB	id:	45048	Trust: 1.8
db:	SECTRACK	id:	1041029	Trust: 1.8
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005549	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-625	Trust: 0.7
db:	PACKETSTORM	id:	148026	Trust: 0.2
db:	PACKETSTORM	id:	148645	Trust: 0.2
db:	PACKETSTORM	id:	148601	Trust: 0.1
db:	VULHUB	id:	VHN-134223	Trust: 0.1
db:	VULMON	id:	CVE-2018-4192	Trust: 0.1
db:	PACKETSTORM	id:	148017	Trust: 0.1
db:	PACKETSTORM	id:	148643	Trust: 0.1
db:	PACKETSTORM	id:	148200	Trust: 0.1
db:	PACKETSTORM	id:	148018	Trust: 0.1
db:	PACKETSTORM	id:	148027	Trust: 0.1
db:	PACKETSTORM	id:	148016	Trust: 0.1

sources: VULHUB: VHN-134223 // VULMON: CVE-2018-4192 // JVNDB: JVNDB-2018-005549 // PACKETSTORM: 148017 // PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148200 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016 // CNNVD: CNNVD-201806-625 // NVD: CVE-2018-4192

REFERENCES

url:	https://www.exploit-db.com/exploits/45048/	Trust: 1.9
url:	https://support.apple.com/ht208848	Trust: 1.8
url:	https://support.apple.com/ht208850	Trust: 1.8
url:	https://support.apple.com/ht208851	Trust: 1.8
url:	https://support.apple.com/ht208852	Trust: 1.8
url:	https://support.apple.com/ht208853	Trust: 1.8
url:	https://support.apple.com/ht208854	Trust: 1.8
url:	https://security.gentoo.org/glsa/201808-04	Trust: 1.8
url:	http://www.securitytracker.com/id/1041029	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4192	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4192	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4233	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4214	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4201	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4222	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4218	Trust: 0.8
url:	https://support.apple.com/kb/ht201222	Trust: 0.7
url:	https://www.apple.com/support/security/pgp/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4190	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4232	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4224	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4199	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4225	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4188	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4246	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4226	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4235	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4198	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4240	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4237	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4223	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4211	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4241	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4204	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4249	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4243	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4206	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4200	Trust: 0.2
url:	https://www.apple.com/itunes/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4238	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4202	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4215	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4221	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4227	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4100	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4239	Trust: 0.2
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://github.com/dothanthitiendiettiende/exploits	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208854	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11712	Trust: 0.1
url:	https://wpewebkit.org/security/wsa-2018-0005.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12293	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12294	Trust: 0.1
url:	https://wpewebkit.org/security/.	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2018-0005.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11713	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11646	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4247	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4205	Trust: 0.1

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 148017 // PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148027 // PACKETSTORM: 148016

SOURCES

db:	VULHUB	id:	VHN-134223
db:	VULMON	id:	CVE-2018-4192
db:	JVNDB	id:	JVNDB-2018-005549
db:	PACKETSTORM	id:	148017
db:	PACKETSTORM	id:	148643
db:	PACKETSTORM	id:	148645
db:	PACKETSTORM	id:	148200
db:	PACKETSTORM	id:	148018
db:	PACKETSTORM	id:	148026
db:	PACKETSTORM	id:	148027
db:	PACKETSTORM	id:	148016
db:	CNNVD	id:	CNNVD-201806-625
db:	NVD	id:	CVE-2018-4192

LAST UPDATE DATE

2024-11-27T20:07:13.934000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134223	date:	2019-03-07T00:00:00
db:	VULMON	id:	CVE-2018-4192	date:	2019-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-005549	date:	2018-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201806-625	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2018-4192	date:	2024-11-21T04:06:56.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134223	date:	2018-06-08T00:00:00
db:	VULMON	id:	CVE-2018-4192	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-005549	date:	2018-07-20T00:00:00
db:	PACKETSTORM	id:	148017	date:	2018-06-04T15:58:18
db:	PACKETSTORM	id:	148643	date:	2018-07-23T14:44:44
db:	PACKETSTORM	id:	148645	date:	2018-07-23T15:22:22
db:	PACKETSTORM	id:	148200	date:	2018-06-14T18:32:22
db:	PACKETSTORM	id:	148018	date:	2018-06-04T15:58:45
db:	PACKETSTORM	id:	148026	date:	2018-06-04T16:09:27
db:	PACKETSTORM	id:	148027	date:	2018-06-04T16:10:01
db:	PACKETSTORM	id:	148016	date:	2018-06-04T15:57:32
db:	CNNVD	id:	CNNVD-201806-625	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-4192	date:	2018-06-08T18:29:00.540