ID

VAR-201806-1486


CVE

CVE-2018-4199


TITLE

plural Apple Used in products Webkit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-005546

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SVG elements. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. The following products and versions are affected: Apple iOS prior to 11.4; Safari prior to 11.1.1; Windows-based iCloud prior to 7.5; Windows-based iTunes prior to 12.7.5; tvOS prior to 11.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4" References ========== [ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4215: Abraham Masri (@cheesecakeufo) Bluetooth Available for: iPhone X, iPhone 8, iPhone 8 Plus, iPad 6th generation, and iPad Air 2 Not impacted: HomePod Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: A validation issue existed in the handling of phone numbers. CVE-2018-4100: Abraham Masri (@cheesecakeufo) FontParser Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative Magnifier Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen Description: A permissions issue existed in Magnifier. This was addressed with additional permission checks. CVE-2018-4239: an anonymous researcher Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail Description: An issue existed in the handling of encrypted Mail. CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd CVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise Solutions Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificaties. CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to enable Siri from the lock screen Description: An issue existed with Siri permissions. CVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can BIKMAZ (@CanBkmaz) of Mustafa Kemal University Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. CVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn) Siri Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with physical access to a device may be able to see private contact information Description: An issue existed with Siri permissions. CVE-2018-4244: an anonymous researcher UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 11.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUshMACgkQ8ecVjteJ iCbspA//aVxu/EdiaNxNRmRDFB8LpqKa3xjJdfkK9cJRYZ+eBHJZjBfzj4BzABuG Xow7FkEE7LSQpCeJ08Ggo6vVQUdR4+etQ2UfjQWGX6qIvLZUXK0lw2x5XdTP0q4m WmNoZcdK3cmbVXGMWUZRUrYPTWwMnTMsPpPoDoptaQRseN+K/0kdwsQZtdqeN9sq GN3Qp6AW6WR1gUAgDriIyzFXTxJ8NmKx2+4B5O2w0TbmzxGa/F5ZUjw4D/wwJJPA /RXAwseJMghPfbi9tNcjUhbGFfcnr5JvyGfY2GESFc7odWt2XSpePHr6qaJzogBr KeJKOVpgTdS4PO37+KDUfQDIElSnYQVTff8Tinxg/Zojafp0PxYkDYRxw7i16YKU HsB7R0o5Yi5YD4uG5ioMj4RspQDWozzveVvvtah6/bWChQQwD3XHr6JRM6oJ106G wNx2EHfRRXFQCY680RfE8hN/98IJRrCF6nIdO9zBbzGM/Ihzr02F0qSrdB5/PXSq S6EwJi0M5ia/KMFSO7EY5qQ2aipyDC3WPkvQrHtpsqstMrktyJOYGbm/t39WmIBb gC92rxvNFr5mO8Owypu1/tloGr15zIxPGR6OXA/DVxdRm2/UmW1tsqQfKgporJMD de6uiZJb8p8X36KC7YmHLTApYL3CaZebJIIOmf8tKjQUxxbR9wE= =nII0 -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 ------------------------------------------------------------------------ Date reported : June 13, 2018 Advisory ID : WSA-2018-0005 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0005.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0005.html CVE identifiers : CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-11646, CVE-2018-11712, CVE-2018-11713, CVE-2018-12293, CVE-2018-12294. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. Credit to Jun Kokatsu (@shhnjk). Impact: Visiting a maliciously crafted website may leak sensitive data. Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. Credit to Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative. Description: A race condition was addressed with improved locking. Credit to Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative. Description: A buffer overflow issue was addressed with improved memory handling. Credit to an anonymous researcher. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to an unexpected application crash. Description: A memory corruption issue was addressed with improved input validation. Credit to Natalie Silvanovich of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Natalie Silvanovich of Google Project Zero. Description: An out-of-bounds read was addressed with improved input validation. Credit to Aymeric Chaib. Impact: Visiting a maliciously crafted website may lead to cookies being overwritten. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. Credit to Samuel Gross (@5aelo) working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Mishra Dhiraj. Maliciously crafted web content could trigger an application crash in WebKitFaviconDatabase, caused by mishandling unexpected input. Credit to Metrological Group B.V. The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections. Credit to Dirkjan Ochtman. The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. Credit to ADlab of Venustech. Maliciously crafted web content could achieve a heap buffer overflow in ImageBufferCairo by exploiting multiple integer overflow issues. Credit to ADlab of Venustech. Maliciously crafted web content could trigger a use-after-free of a TextureMapperLayer object. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running a safe version of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, June 13, 2018 . ========================================================================== Ubuntu Security Notice USN-3687-1 June 18, 2018 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.18.04.1 Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.3-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.3-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3687-1 CVE-2018-12293, CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.16.04.1

Trust: 3.15

sources: NVD: CVE-2018-4199 // JVNDB: JVNDB-2018-005546 // ZDI: ZDI-18-781 // VULHUB: VHN-134230 // VULMON: CVE-2018-4199 // PACKETSTORM: 148017 // PACKETSTORM: 149059 // PACKETSTORM: 148643 // PACKETSTORM: 148644 // PACKETSTORM: 148200 // PACKETSTORM: 148028 // PACKETSTORM: 148219 // PACKETSTORM: 148016

AFFECTED PRODUCTS

vendor:applemodel:safariscope:ltversion:11.1.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:11.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.5

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:17.10

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.4

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.7.5

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.5 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.7.5 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1.1 (macos high sierra 10.13.4)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1.1 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.1.1 (os x el capitan 10.11.6)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.4 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.4 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.7

vendor:applemodel:itunesscope:eqversion:7.5.0

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:7.4.3

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:7.5

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:7.4.2

Trust: 0.6

sources: ZDI: ZDI-18-781 // JVNDB: JVNDB-2018-005546 // CNNVD: CNNVD-201806-621 // NVD: CVE-2018-4199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4199
value: HIGH

Trust: 1.0

NVD: CVE-2018-4199
value: HIGH

Trust: 0.8

ZDI: CVE-2018-4199
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201806-621
value: HIGH

Trust: 0.6

VULHUB: VHN-134230
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4199
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4199
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.6

VULHUB: VHN-134230
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4199
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-781 // VULHUB: VHN-134230 // VULMON: CVE-2018-4199 // JVNDB: JVNDB-2018-005546 // CNNVD: CNNVD-201806-621 // NVD: CVE-2018-4199

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134230 // JVNDB: JVNDB-2018-005546 // NVD: CVE-2018-4199

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 148219 // CNNVD: CNNVD-201806-621

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201806-621

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005546

PATCH

title:HT208854url:https://support.apple.com/en-us/HT208854

Trust: 0.8

title:HT208848url:https://support.apple.com/en-us/HT208848

Trust: 0.8

title:HT208850url:https://support.apple.com/en-us/HT208850

Trust: 0.8

title:HT208852url:https://support.apple.com/en-us/HT208852

Trust: 0.8

title:HT208853url:https://support.apple.com/en-us/HT208853

Trust: 0.8

title:HT208848url:https://support.apple.com/ja-jp/HT208848

Trust: 0.8

title:HT208850url:https://support.apple.com/ja-jp/HT208850

Trust: 0.8

title:HT208852url:https://support.apple.com/ja-jp/HT208852

Trust: 0.8

title:HT208853url:https://support.apple.com/ja-jp/HT208853

Trust: 0.8

title:HT208854url:https://support.apple.com/ja-jp/HT208854

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-ca/HT208849

Trust: 0.7

title:Multiple Apple product WebKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80815

Trust: 0.6

title:Ubuntu Security Notice: webkit2gtk vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3687-1

Trust: 0.1

title:Apple: Safari 11.1.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a694f067de60896ce5475c3b24f85ae2

Trust: 0.1

title:Apple: iTunes 12.7.5 for Windowsurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=427778ba6ddba25910ede3bba3ecff86

Trust: 0.1

title:Apple: iCloud for Windows 7.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=02a7454fe2f6b5665d8cc96d80b7dfc4

Trust: 0.1

title:Apple: tvOS 11.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d2d0b1ec71830547fb971d63ee3beadb

Trust: 0.1

title:Apple: iOS 11.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f3db097f895347566033494c2dda90b

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4

Trust: 0.1

sources: ZDI: ZDI-18-781 // VULMON: CVE-2018-4199 // JVNDB: JVNDB-2018-005546 // CNNVD: CNNVD-201806-621

EXTERNAL IDS

db:NVDid:CVE-2018-4199

Trust: 4.1

db:SECTRACKid:1041029

Trust: 1.8

db:JVNid:JVNVU98864649

Trust: 0.8

db:JVNDBid:JVNDB-2018-005546

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-5828

Trust: 0.7

db:ZDIid:ZDI-18-781

Trust: 0.7

db:CNNVDid:CNNVD-201806-621

Trust: 0.7

db:VULHUBid:VHN-134230

Trust: 0.1

db:VULMONid:CVE-2018-4199

Trust: 0.1

db:PACKETSTORMid:148017

Trust: 0.1

db:PACKETSTORMid:149059

Trust: 0.1

db:PACKETSTORMid:148643

Trust: 0.1

db:PACKETSTORMid:148644

Trust: 0.1

db:PACKETSTORMid:148200

Trust: 0.1

db:PACKETSTORMid:148028

Trust: 0.1

db:PACKETSTORMid:148219

Trust: 0.1

db:PACKETSTORMid:148016

Trust: 0.1

sources: ZDI: ZDI-18-781 // VULHUB: VHN-134230 // VULMON: CVE-2018-4199 // JVNDB: JVNDB-2018-005546 // PACKETSTORM: 148017 // PACKETSTORM: 149059 // PACKETSTORM: 148643 // PACKETSTORM: 148644 // PACKETSTORM: 148200 // PACKETSTORM: 148028 // PACKETSTORM: 148219 // PACKETSTORM: 148016 // CNNVD: CNNVD-201806-621 // NVD: CVE-2018-4199

REFERENCES

url:https://security.gentoo.org/glsa/201808-04

Trust: 1.9

url:https://usn.ubuntu.com/3687-1/

Trust: 1.9

url:https://support.apple.com/ht208848

Trust: 1.8

url:https://support.apple.com/ht208850

Trust: 1.8

url:https://support.apple.com/ht208852

Trust: 1.8

url:https://support.apple.com/ht208853

Trust: 1.8

url:https://support.apple.com/ht208854

Trust: 1.8

url:http://www.securitytracker.com/id/1041029

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4199

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4199

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98864649/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4233

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4190

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4232

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4222

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4218

Trust: 0.8

url:https://support.apple.com/en-ca/ht208849

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4214

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4192

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4201

Trust: 0.7

url:https://support.apple.com/kb/ht201222

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-4188

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-4204

Trust: 0.5

url:https://www.apple.com/support/security/pgp/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-4246

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-4224

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-4200

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-4225

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-4226

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-12293

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-11713

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-11646

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-12294

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-11712

Trust: 0.2

url:https://webkitgtk.org/security/wsa-2018-0005.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4198

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4240

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4237

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4223

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4211

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4241

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/ht204283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4265

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4101

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4114

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4120

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2018-0003.html

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2018-0004.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4264

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4127

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4263

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4162

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4125

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4262

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4266

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4273

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4121

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2018-0006.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4267

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4272

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4113

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4133

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4278

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4146

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4129

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4238

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4215

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4100

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4239

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4249

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5383

Trust: 0.1

url:https://webkitgtk.org/security.html

Trust: 0.1

url:https://wpewebkit.org/security/wsa-2018-0005.html

Trust: 0.1

url:https://wpewebkit.org/security/.

Trust: 0.1

url:https://www.apple.com/itunes/download/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.16.04.1

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3687-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.3-0ubuntu0.17.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4247

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4205

Trust: 0.1

sources: ZDI: ZDI-18-781 // VULHUB: VHN-134230 // VULMON: CVE-2018-4199 // JVNDB: JVNDB-2018-005546 // PACKETSTORM: 148017 // PACKETSTORM: 149059 // PACKETSTORM: 148643 // PACKETSTORM: 148644 // PACKETSTORM: 148200 // PACKETSTORM: 148028 // PACKETSTORM: 148219 // PACKETSTORM: 148016 // CNNVD: CNNVD-201806-621 // NVD: CVE-2018-4199

CREDITS

MWR Labs - Alex Plaskett Georgi Geshev Fabian Beterke

Trust: 0.7

sources: ZDI: ZDI-18-781

SOURCES

db:ZDIid:ZDI-18-781
db:VULHUBid:VHN-134230
db:VULMONid:CVE-2018-4199
db:JVNDBid:JVNDB-2018-005546
db:PACKETSTORMid:148017
db:PACKETSTORMid:149059
db:PACKETSTORMid:148643
db:PACKETSTORMid:148644
db:PACKETSTORMid:148200
db:PACKETSTORMid:148028
db:PACKETSTORMid:148219
db:PACKETSTORMid:148016
db:CNNVDid:CNNVD-201806-621
db:NVDid:CVE-2018-4199

LAST UPDATE DATE

2024-11-23T21:19:31.545000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-781date:2018-12-20T00:00:00
db:VULHUBid:VHN-134230date:2019-03-07T00:00:00
db:VULMONid:CVE-2018-4199date:2019-03-07T00:00:00
db:JVNDBid:JVNDB-2018-005546date:2018-07-20T00:00:00
db:CNNVDid:CNNVD-201806-621date:2019-03-13T00:00:00
db:NVDid:CVE-2018-4199date:2024-11-21T04:06:57.333

SOURCES RELEASE DATE

db:ZDIid:ZDI-18-781date:2018-07-26T00:00:00
db:VULHUBid:VHN-134230date:2018-06-08T00:00:00
db:VULMONid:CVE-2018-4199date:2018-06-08T00:00:00
db:JVNDBid:JVNDB-2018-005546date:2018-07-20T00:00:00
db:PACKETSTORMid:148017date:2018-06-04T15:58:18
db:PACKETSTORMid:149059date:2018-08-23T18:40:24
db:PACKETSTORMid:148643date:2018-07-23T14:44:44
db:PACKETSTORMid:148644date:2018-07-23T14:04:44
db:PACKETSTORMid:148200date:2018-06-14T18:32:22
db:PACKETSTORMid:148028date:2018-06-04T16:10:27
db:PACKETSTORMid:148219date:2018-06-18T16:11:08
db:PACKETSTORMid:148016date:2018-06-04T15:57:32
db:CNNVDid:CNNVD-201806-621date:2018-06-11T00:00:00
db:NVDid:CVE-2018-4199date:2018-06-08T18:29:00.743