CVE-2018-4441

Published: 03/04/2019 Updated: 05/04/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 692
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

Vulnerable Product

apple iphone os

apple tvos

apple safari

apple watchos

apple itunes

apple icloud

Exploits

WebKit JSC suffers from out-of-bounds read and write vulnerabilities in JSArray::shiftCountWithArrayStorage ...
/* bool JSArray::shiftCountWithArrayStorage(VM& vm, unsigned startIndex, unsigned count, ArrayStorage* storage) { unsigned oldLength = storage->length(); RELEASE_ASSERT(count <= oldLength); // If the array contains holes or is otherwise in an abnormal state, // use the generic algorithm in ArrayPrototype if ((sto ...
PS4 6.20 WebKit Code Execution PoC. This repo contains a proof-of-concept (PoC) RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as well as an arbitrary object address leak in `wkexploit.js`. It will then setup a framework to run ROP cha ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2018-12-05-1 iOS 12.1.1. From: Apple Product Security v ...
Full Disclosure mailing list archives: APPLE-SA-2018-12-06-1 watchOS 5.1.2. From: Apple Product Securit ...
Full Disclosure mailing list archives: APPLE-SA-2018-12-05-6 iCloud for Windows 7.9. From: Apple Produc ...

Github Repositories

Some papers and exploit writeups about WebKit.

WebKitPwn Some papers and exploit writeups about WebKit Reading list for VR Architecture Apple Browser Internals WebKit Architecture Writeups A Guide to Assertion Macros in WebKit A New Bytecode Format for JavaScriptCore Apple Safari JavaScriptCore Inspector Type Confusion CVE-2017-2446 or JSC__JSGlobalObject__isHavingABadTime CVE-2018-4441 OOB R_W via JSArray unshiftCountW

PS4 6.20 WebKit Code Execution PoC. This repo contains a proof-of-concept (PoC) RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as well as an arbitrary object address leak in wkexploit.js. It will then setup a framework to run ROP chains in index.html and by default will provide tw

Skills Python Go JavaScript (Vuejs/TypeScript) Links CTF writeup Slide Qiita Works Burp Extension BurpExportObjects BurpSnippets poc_generator Nday PoC CVE-2018-4233 CVE-2018-4441

kexploit (incomplete) on 6.20 PS4 FW, it’s patched on 6.50 FW

PoC Exploit 6.20 FW PS4. Exploit that works as PoC (infoleak the memory) for PS4 on 6.20 FW, patched on 6.50! (CVE-2018-4441) Patch 1 (17/03/2019): Kexploit is now fixed and updated to PoC exploit. The HTML file is removed. Patch 2 (26/03/2019): HTML is added (Now It Works). Issues: HTML doesn’t work because it is built badly (Now removed in Patch 1). Don’t use th

A WebKit exploit using CVE-2018-4441 to obtain RCE on PS4 6.20.


PS4 6.20 Code Execution Exploit By SpecterDev
