cve-2018-4113
Vulnerability from cvelistv5
Published
2018-04-03 06:00
Modified
2024-08-05 05:04
Severity ?
EPSS score ?
Summary
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.
References
▼ | URL | Tags | |
---|---|---|---|
product-security@apple.com | http://www.securitytracker.com/id/1040604 | Third Party Advisory, VDB Entry | |
product-security@apple.com | https://security.gentoo.org/glsa/201808-04 | Third Party Advisory | |
product-security@apple.com | https://support.apple.com/HT208693 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT208694 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT208695 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT208696 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT208697 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/HT208698 | Vendor Advisory | |
product-security@apple.com | https://usn.ubuntu.com/3635-1/ | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:04:29.824Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040604", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208698" }, { "name": "GLSA-201808-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201808-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208696" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208693" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208694" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208697" }, { "name": "USN-3635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3635-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208695" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-21T09:57:02", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "name": "1040604", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208698" }, { "name": "GLSA-201808-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201808-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208696" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208693" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208694" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208697" }, { "name": "USN-3635-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3635-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208695" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2018-4113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1040604", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040604" }, { "name": "https://support.apple.com/HT208698", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208698" }, { "name": "GLSA-201808-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201808-04" }, { "name": "https://support.apple.com/HT208696", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208696" }, { "name": "https://support.apple.com/HT208693", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208693" }, { "name": "https://support.apple.com/HT208694", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208694" }, { "name": "https://support.apple.com/HT208697", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208697" }, { "name": "USN-3635-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3635-1/" }, { "name": "https://support.apple.com/HT208695", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208695" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2018-4113", "datePublished": "2018-04-03T06:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T05:04:29.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-4113\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2018-04-03T06:29:04.670\",\"lastModified\":\"2019-10-03T00:03:26.223\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \\\"WebKit\\\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3 se han visto afectadas. Se han visto afectadas las versiones de Safari anteriores a la 11.1, las versiones de iCloud anteriores a la 7.4 en Windows, las versiones de iTunes anteriores a la 12.7.4 en Windows, las versiones de tvOS anteriores a la 11.3 y las versiones de watchOS anteriores a la 4.3 se han visto afectadas. El problema afecta a una funci\u00f3n JavaScriptCore en el componente \\\"WebKit\\\". Permite que atacantes desencadenen un fallo de aserci\u00f3n aprovechando la indexaci\u00f3n incorrecta de arrays.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"2683E773-F7E6-4B5A-B341-F34EC83368BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"1AE9DC77-7A0A-47A4-9B85-6CCCFDE5B313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\",\"matchCriteriaId\":\"2027A893-A9F8-4594-89B3-FEAFD69AB877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"360435F9-FC38-422B-8888-3656AF59A3BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4\",\"matchCriteriaId\":\"C0720731-C892-498A-BFFE-D3DBCD096973\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7.4\",\"matchCriteriaId\":\"C7F515A1-9B93-4D6F-A269-CAEDEC1DD85E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webkitgtk:webkitgtk\\\\+:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.20.4\",\"matchCriteriaId\":\"33CC3DA1-F5EA-4276-B38B-5C68BA8EBCDA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1040604\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201808-04\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208693\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208694\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208695\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208696\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208697\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT208698\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3635-1/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.