Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
685
VMScore

CVE-2018-4089

Published: 03/04/2018 Updated: 27/04/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Apple

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.2.5 is affected. macOS prior to 10.13.3 is affected. Safari prior to 11.0.3 is affected. tvOS prior to 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple mac os x

apple safari

apple apple tv

Exploits

Exploit DB: WebKit - 'detachWrapper' Use-After-Free
<!-- There is a use-after-free security vulnerability in WebKit The vulnerability was confirmed on ASan build of Revision 225572 on OSX The PoC is attached Preliminary Analysis: SVGPropertyTearOff keeps a pointer to a SVG property in m_value When detachWrapper() is called, that pointer gets dereferenced and the value copied This comment ...

Recent Articles

It's 2018 and your Macs, iPhones can be pwned by playing evil music
The Register • Shaun Nichols in San Francisco • 24 Jan 2018

Meanwhile, HomePod inches closer to actually shipping, allegedly

Apple has released security patches for iOS and macOS that include, among other things, Meltdown and Spectre fixes. The new versions should be installed as soon as possible. On macOS, the update will be delivered as High Sierra 10.13.3 or Security Update 2018-001 for Sierra and El Capitan machines. Headlining the security update is a patch for CVE-2017-5754, better known as Meltdown. The Intel processor bug allows malicious code to potentially read sensitive data and personal information, such a...

Read more...

References

CWE-119https://support.apple.com/HT208475https://support.apple.com/HT208465https://support.apple.com/HT208463https://support.apple.com/HT208462https://www.exploit-db.com/exploits/43937/http://www.securitytracker.com/id/1040267http://www.securitytracker.com/id/1040266http://www.securitytracker.com/id/1040265http://www.securityfocus.com/bid/102778https://nvd.nist.govhttps://www.exploit-db.com/exploits/43937/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook