Published: 03/04/2019 Updated: 08/01/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari
apple tvos
apple iphone os
apple watchos
apple itunes
apple icloud

Several security issues were fixed in WebKitGTK+ ...

WebKit JSC has an issue where BytecodeGenerator::hoistSloppyModeFunctionIfNecessary does not invalidate the ForInContext object ...

Sony Playstation 4 (PS4) versions prior to 672 webkit code execution proof of concept exploit ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-3 Safari 1201 Safari 1201 is now available and addresses the following: Safari Reader Available for: macOS Sierra 10126, macOS High Sierra 10136, and macOS Mojave 1014 Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cros ...

bad_hoist Exploit implementation of CVE-2018-4386 Obtains addrof/fakeobj and arbitrary read/write primitives Supports PS4 consoles on 6XX May also work on older firmware versions, but I am not sure Bug was fixed in firmware 700

CWE-119 https://support.apple.com/kb/HT209198 https://support.apple.com/kb/HT209197 https://support.apple.com/kb/HT209196 https://support.apple.com/kb/HT209195 https://support.apple.com/kb/HT209194 https://support.apple.com/kb/HT209192 http://packetstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.html https://nvd.nist.gov https://usn.ubuntu.com/3828-1/

CVE-2018-4386

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect