7.5
CVSSv3

CVE-2018-4192

Published: 08/06/2018 Updated: 07/03/2019
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 516
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.4 is affected. Safari prior to 11.1.1 is affected. iCloud prior to 7.5 on Windows is affected. iTunes prior to 12.7.5 on Windows is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code via a crafted web site that leverages a race condition.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple safari

apple iphone os

apple watchos

apple tvos

apple icloud

apple itunes

Exploits

// Load Int library, thanks saelo! load('utiljs'); load('int64js'); // Helpers to convert from float to in a few random places var conva = new ArrayBuffer(8); var convf = new Float64Array(conva); var convi = new Uint32Array(conva); var convi8 = new Uint8Array(conva); var floatarr_magic = new Int64('0x3131313131313131')asDouble(); var floatarr ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-3 Additional information for APPLE-SA-2018-06-01-4 iOS 114 iOS 114 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer ov ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 114 tvOS 114 addresses the following: Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in B ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-5 Additional information for APPLE-SA-2018-06-01-5 watchOS 431 watchOS 431 addresses the following: Bluetooth Not impacted: Apple Watch Series 3 Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic CVE-2018-5383: Lior Neumann and Eli ...

Github Repositories

PWN2OWN 2018 - Safari + Root This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018 It has been released for educational purposes, detailed by a series of blogposts These were used as zero-day exploits against macOS 10133 & Safari/JSC on March 16th, 2018 Contents /jsc - JavaScriptCore Exploit & PoC for CVE-2018-4192 /windowserver - WindowS

Exploits CVE-2018-4192: JSC Array reverse

DGA cyberwtf/2017/08/30/dga-classification-and-detection-for-automated-malware-analysis/ githubcom/philarkwright/DGA-Detection githubcom/exp0se/dga_detector githubcom/jayjacobs/dga-tutorial githubcom/pchaigno/dga-collection githubcom/endgameinc/dga_predict githubcom/exctzo/dga_prediction_model **docs