Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-4192

Published: 08/06/2018 Updated: 07/03/2019
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 516
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Safari

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.4 is affected. Safari prior to 11.1.1 is affected. iCloud prior to 7.5 on Windows is affected. iTunes prior to 12.7.5 on Windows is affected. tvOS prior to 11.4 is affected. watchOS prior to 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code via a crafted web site that leverages a race condition.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple safari

apple iphone os

apple watchos

apple tvos

apple icloud

apple itunes

Exploits

Exploit DB: JavaScript Core - Arbitrary Code Execution
// Load Int library, thanks saelo! load('utiljs'); load('int64js'); // Helpers to convert from float to in a few random places var conva = new ArrayBuffer(8); var convf = new Float64Array(conva); var convi = new Uint32Array(conva); var convi8 = new Uint8Array(conva); var floatarr_magic = new Int64('0x3131313131313131')asDouble(); var floatarr ...

Github Repositories

https://github.com/ret2/P2O_2018

PWN2OWN 2018 - Safari + Root This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018 It has been released for educational purposes, detailed by a series of blogposts These were used as zero-day exploits against macOS 10133 & Safari/JSC on March 16th, 2018 Contents /jsc - JavaScriptCore Exploit & PoC for CVE-2018-4192 /windowserver - WindowS

https://github.com/dothanthitiendiettiende/Exploits

Exploits CVE-2018-4192: JSC Array reverse

https://github.com/rudinyu/KB

DGA cyberwtf/2017/08/30/dga-classification-and-detection-for-automated-malware-analysis/ githubcom/philarkwright/DGA-Detection githubcom/exp0se/dga_detector githubcom/jayjacobs/dga-tutorial githubcom/pchaigno/dga-collection githubcom/endgameinc/dga_predict githubcom/exctzo/dga_prediction_model **docs

References

CWE-362https://support.apple.com/HT208854https://support.apple.com/HT208853https://support.apple.com/HT208852https://support.apple.com/HT208851https://support.apple.com/HT208850https://support.apple.com/HT208848http://www.securitytracker.com/id/1041029https://www.exploit-db.com/exploits/45048/https://security.gentoo.org/glsa/201808-04https://nvd.nist.govhttps://www.exploit-db.com/exploits/45048/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook