CVE-2018-4192

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.

Published: Jun 8, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-4192
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	11.4
apple / safari	-	11.1.1
apple / watchos	-	4.3.1
apple / tvos	-	11.4
apple / icloud	-	7.5
apple / itunes	-	12.7.5

http://www.securitytracker.com/id/1041029
https://security.gentoo.org/glsa/201808-04
https://support.apple.com/HT208848
https://support.apple.com/HT208850
https://support.apple.com/HT208851
https://support.apple.com/HT208852
https://support.apple.com/HT208853
https://support.apple.com/HT208854
https://www.exploit-db.com/exploits/45048/

Vulnerability Database

289,599

CVE-2018-4192