An issue exists in certain Apple products. iOS prior to 11.3.1 is affected. Safari prior to 11.1 is affected. iCloud prior to 7.5 on Windows is affected. iTunes prior to 12.7.5 on Windows is affected. tvOS prior to 11.4 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.

Vulnerable Product |
---|
apple safari |
apple iphone os |
apple tvos |
apple icloud |
apple itunes |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 17.10 |

Cook's Cupertino crew corrects coding cockups

It's 2018 and your Macs, iPhones can be pwned by playing evil music

Apple has issued a trio of updates to patch security vulnerabilities in Safari, macOS, and iOS. For iOS, the update to 11.3.1 addresses a total of four CVE-listed vulnerabilities, including one that is present in the debugging tool used across both iOS and the macOS. That vulnerability, CVE-2018-4206, was spotted in Crash Reporter by researcher Ian Beer of Google's Project Zero. According to Apple, a vulnerability in Crash Reporter's error handling would have allowed an application to trigger a ...