Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2018-4121

Published: 03/04/2018 Updated: 08/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Apple

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.3 is affected. Safari prior to 11.1 is affected. iCloud prior to 7.4 on Windows is affected. iTunes prior to 12.7.4 on Windows is affected. tvOS prior to 11.3 is affected. watchOS prior to 4.3 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Vulnerable Product Search on Vulmon Subscribe to Product

apple safari

apple watchos

apple tvos

apple iphone os

apple icloud

apple itunes

Vendor Advisories

Red Hat: CVE-2018-4121
An issue was discovered in certain Apple products iOS before 113 is affected Safari before 111 is affected iCloud before 74 on Windows is affected iTunes before 1274 on Windows is affected tvOS before 113 is affected watchOS before 43 is affected The issue involves the "WebKit" component It allows remote attackers to execute arbitrar ...

Exploits

Exploit DB: WebKit - WebAssembly Parsing Does not Correctly Check Section Order
When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary The ordering check validateOrder() does not adequately check that sections are in the correct order when a binary contains custom sections static in ...

Github Repositories

https://github.com/denmilu/CVE-2018-4121

CVE-2018-4121 - Safari Wasm Sections POC RCE Exploit by MWR Labs (c) 2018 Details this proof of concept exploit targets Safari 1103 (1360456) on macOS 10133 (17D47) versions only compile the payload of your choice as a dylib with a constructor run python file_to_jsarraypy yourdylib payloadjs serve this directory and point Safari to /exploithtml exploit is not fully

https://github.com/jezzus/CVE-2018-4121

CVE-2018-4121 - Safari Wasm Sections POC RCE Exploit by MWR Labs (c) 2018 Details this proof of concept exploit targets Safari 1103 (1360456) on macOS 10133 (17D47) versions only compile the payload of your choice as a dylib with a constructor run python file_to_jsarraypy yourdylib payloadjs serve this directory and point Safari to /exploithtml exploit is not fully

https://github.com/mwrlabs/CVE-2018-4121

macOS 10.13.3 (17D47) Safari Wasm Exploit

CVE-2018-4121 - Safari Wasm Sections POC RCE Exploit by MWR Labs (c) 2018 Details this proof of concept exploit targets Safari 1103 (1360456) on macOS 10133 (17D47) versions only compile the payload of your choice as a dylib with a constructor run python file_to_jsarraypy yourdylib payloadjs serve this directory and point Safari to /exploithtml exploit is not fully

References

CWE-119https://support.apple.com/HT208698https://support.apple.com/HT208697https://support.apple.com/HT208696https://support.apple.com/HT208695https://support.apple.com/HT208694https://support.apple.com/HT208693http://www.securitytracker.com/id/1040604https://www.exploit-db.com/exploits/44427/https://github.com/mwrlabs/CVE-2018-4121https://security.gentoo.org/glsa/201808-04https://nvd.nist.govhttps://www.exploit-db.com/exploits/44427/https://github.com/mwrlabs/CVE-2018-4121https://access.redhat.com/security/cve/cve-2018-4121
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook