Details of VAR-201806-1488

ID

VAR-201806-1488

CVE

CVE-2018-4201

TITLE

plural Apple Used in products, etc. Webkit Arbitrary code execution vulnerabilities in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-005544

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4215: Abraham Masri (@cheesecakeufo) Bluetooth Available for: iPhone X, iPhone 8, iPhone 8 Plus, iPad 6th generation, and iPad Air 2 Not impacted: HomePod Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018 Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: A validation issue existed in the handling of phone numbers. This issue was addressed with improved validation of phone numbers. CVE-2018-4100: Abraham Masri (@cheesecakeufo) FontParser Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative Magnifier Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen Description: A permissions issue existed in Magnifier. This was addressed with additional permission checks. CVE-2018-4239: an anonymous researcher Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. CVE-2018-4227: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd CVE-2018-4250: Metehan YA+-lmaz of Sesim Sarpkaya Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise Solutions Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificaties. This issue was addressed with improved validation of S-MIME certificates. CVE-2018-4221: Damian Poddebniak of MA1/4nster University of Applied Sciences, Christian Dresen of MA1/4nster University of Applied Sciences, Jens MA1/4ller of Ruhr University Bochum, Fabian Ising of MA1/4nster University of Applied Sciences, Sebastian Schinzel of MA1/4nster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, JAPrg Schwenk of Ruhr University Bochum Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to enable Siri from the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4238: Baljinder Singh, Muhammad khizer javed, Onur Can BIKMAZ (@CanBkmaz) of Mustafa Kemal University Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4252: Hunter Byrnes, Martin Winkelmann (@Winkelmannnn) Siri Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker with physical access to a device may be able to see private contact information Description: An issue existed with Siri permissions. This was addressed with improved permission checking. CVE-2018-4244: an anonymous researcher UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 11.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUshMACgkQ8ecVjteJ iCbspA//aVxu/EdiaNxNRmRDFB8LpqKa3xjJdfkK9cJRYZ+eBHJZjBfzj4BzABuG Xow7FkEE7LSQpCeJ08Ggo6vVQUdR4+etQ2UfjQWGX6qIvLZUXK0lw2x5XdTP0q4m WmNoZcdK3cmbVXGMWUZRUrYPTWwMnTMsPpPoDoptaQRseN+K/0kdwsQZtdqeN9sq GN3Qp6AW6WR1gUAgDriIyzFXTxJ8NmKx2+4B5O2w0TbmzxGa/F5ZUjw4D/wwJJPA /RXAwseJMghPfbi9tNcjUhbGFfcnr5JvyGfY2GESFc7odWt2XSpePHr6qaJzogBr KeJKOVpgTdS4PO37+KDUfQDIElSnYQVTff8Tinxg/Zojafp0PxYkDYRxw7i16YKU HsB7R0o5Yi5YD4uG5ioMj4RspQDWozzveVvvtah6/bWChQQwD3XHr6JRM6oJ106G wNx2EHfRRXFQCY680RfE8hN/98IJRrCF6nIdO9zBbzGM/Ihzr02F0qSrdB5/PXSq S6EwJi0M5ia/KMFSO7EY5qQ2aipyDC3WPkvQrHtpsqstMrktyJOYGbm/t39WmIBb gC92rxvNFr5mO8Owypu1/tloGr15zIxPGR6OXA/DVxdRm2/UmW1tsqQfKgporJMD de6uiZJb8p8X36KC7YmHLTApYL3CaZebJIIOmf8tKjQUxxbR9wE= =nII0 -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

Trust: 2.43

sources: NVD: CVE-2018-4201 // JVNDB: JVNDB-2018-005544 // VULHUB: VHN-134232 // VULMON: CVE-2018-4201 // PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148016

AFFECTED PRODUCTS

vendor:	apple	model:	icloud	scope:	lt	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.7.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.4 (ipod touch no. 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.5 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos high sierra 10.13.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.4 (apple tv no. 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3.1 (apple watch all models of )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.3	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.4	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.3	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.2	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 0.6

sources: JVNDB: JVNDB-2018-005544 // CNNVD: CNNVD-201806-620 // NVD: CVE-2018-4201

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4201
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4201
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-620
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134232
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4201
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4201
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-134232
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4201
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134232 // VULMON: CVE-2018-4201 // JVNDB: JVNDB-2018-005544 // CNNVD: CNNVD-201806-620 // NVD: CVE-2018-4201

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134232 // JVNDB: JVNDB-2018-005544 // NVD: CVE-2018-4201

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-620

TYPE

overflow, code execution

Trust: 0.7

sources: PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148016

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005544

PATCH

title:	HT208853	url:	https://support.apple.com/en-us/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/en-us/HT208854	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/en-us/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/en-us/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/en-us/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/en-us/HT208852	Trust: 0.8
title:	HT208848	url:	https://support.apple.com/ja-jp/HT208848	Trust: 0.8
title:	HT208850	url:	https://support.apple.com/ja-jp/HT208850	Trust: 0.8
title:	HT208851	url:	https://support.apple.com/ja-jp/HT208851	Trust: 0.8
title:	HT208852	url:	https://support.apple.com/ja-jp/HT208852	Trust: 0.8
title:	HT208853	url:	https://support.apple.com/ja-jp/HT208853	Trust: 0.8
title:	HT208854	url:	https://support.apple.com/ja-jp/HT208854	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80814	Trust: 0.6
title:	Apple: Safari 11.1.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a694f067de60896ce5475c3b24f85ae2	Trust: 0.1
title:	Apple: iTunes 12.7.5 for Windows	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=427778ba6ddba25910ede3bba3ecff86	Trust: 0.1
title:	Apple: iCloud for Windows 7.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=02a7454fe2f6b5665d8cc96d80b7dfc4	Trust: 0.1
title:	Apple: watchOS 4.3.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f4c2f01c97a0857022a69b5486be838	Trust: 0.1
title:	Apple: tvOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=d2d0b1ec71830547fb971d63ee3beadb	Trust: 0.1
title:	Apple: iOS 11.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0f3db097f895347566033494c2dda90b	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1

sources: VULMON: CVE-2018-4201 // JVNDB: JVNDB-2018-005544 // CNNVD: CNNVD-201806-620

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4201	Trust: 3.3
db:	SECTRACK	id:	1041029	Trust: 1.8
db:	JVN	id:	JVNVU98864649	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005544	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-620	Trust: 0.7
db:	VULHUB	id:	VHN-134232	Trust: 0.1
db:	VULMON	id:	CVE-2018-4201	Trust: 0.1
db:	PACKETSTORM	id:	148643	Trust: 0.1
db:	PACKETSTORM	id:	148645	Trust: 0.1
db:	PACKETSTORM	id:	148644	Trust: 0.1
db:	PACKETSTORM	id:	148028	Trust: 0.1
db:	PACKETSTORM	id:	148018	Trust: 0.1
db:	PACKETSTORM	id:	148026	Trust: 0.1
db:	PACKETSTORM	id:	148016	Trust: 0.1

sources: VULHUB: VHN-134232 // VULMON: CVE-2018-4201 // JVNDB: JVNDB-2018-005544 // PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148016 // CNNVD: CNNVD-201806-620 // NVD: CVE-2018-4201

REFERENCES

url:	https://support.apple.com/ht208848	Trust: 1.8
url:	https://support.apple.com/ht208850	Trust: 1.8
url:	https://support.apple.com/ht208851	Trust: 1.8
url:	https://support.apple.com/ht208852	Trust: 1.8
url:	https://support.apple.com/ht208853	Trust: 1.8
url:	https://support.apple.com/ht208854	Trust: 1.8
url:	https://security.gentoo.org/glsa/201808-04	Trust: 1.8
url:	http://www.securitytracker.com/id/1041029	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4201	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4201	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98864649/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4233	Trust: 0.7
url:	https://support.apple.com/kb/ht201222	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4214	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4192	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4222	Trust: 0.7
url:	https://www.apple.com/support/security/pgp/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4218	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4224	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4225	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4190	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4188	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4232	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4235	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4198	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4240	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4237	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4199	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4223	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4226	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4211	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4241	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4246	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4204	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4249	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4243	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4206	Trust: 0.3
url:	https://www.apple.com/itunes/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4238	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4202	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4215	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4221	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4227	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4100	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4239	Trust: 0.2
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4200	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208854	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4247	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4205	Trust: 0.1

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 148643 // PACKETSTORM: 148645 // PACKETSTORM: 148644 // PACKETSTORM: 148028 // PACKETSTORM: 148018 // PACKETSTORM: 148026 // PACKETSTORM: 148016

SOURCES

db:	VULHUB	id:	VHN-134232
db:	VULMON	id:	CVE-2018-4201
db:	JVNDB	id:	JVNDB-2018-005544
db:	PACKETSTORM	id:	148643
db:	PACKETSTORM	id:	148645
db:	PACKETSTORM	id:	148644
db:	PACKETSTORM	id:	148028
db:	PACKETSTORM	id:	148018
db:	PACKETSTORM	id:	148026
db:	PACKETSTORM	id:	148016
db:	CNNVD	id:	CNNVD-201806-620
db:	NVD	id:	CVE-2018-4201

LAST UPDATE DATE

2024-11-22T21:32:16.277000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134232	date:	2019-03-08T00:00:00
db:	VULMON	id:	CVE-2018-4201	date:	2019-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-005544	date:	2018-07-20T00:00:00
db:	CNNVD	id:	CNNVD-201806-620	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2018-4201	date:	2019-03-08T13:49:28.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134232	date:	2018-06-08T00:00:00
db:	VULMON	id:	CVE-2018-4201	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-005544	date:	2018-07-20T00:00:00
db:	PACKETSTORM	id:	148643	date:	2018-07-23T14:44:44
db:	PACKETSTORM	id:	148645	date:	2018-07-23T15:22:22
db:	PACKETSTORM	id:	148644	date:	2018-07-23T14:04:44
db:	PACKETSTORM	id:	148028	date:	2018-06-04T16:10:27
db:	PACKETSTORM	id:	148018	date:	2018-06-04T15:58:45
db:	PACKETSTORM	id:	148026	date:	2018-06-04T16:09:27
db:	PACKETSTORM	id:	148016	date:	2018-06-04T15:57:32
db:	CNNVD	id:	CNNVD-201806-620	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-4201	date:	2018-06-08T18:29:00.867