CVE-2018-4162
CVE-2018-4162
Patch soon. has a working public exploit.
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 38.6%KEV nãoPoC —Nuclei —Metasploit simPatch referenciado
Lifecycle
25 Aug 2016Metasploit module available
03 Apr 2018Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Affected products
n/a · n/aReferences
http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.htmlhttps://security.gentoo.org/glsa/201808-04https://support.apple.com/HT208693https://support.apple.com/HT208694https://support.apple.com/HT208695https://support.apple.com/HT208696https://support.apple.com/HT208697https://support.apple.com/HT208698https://usn.ubuntu.com/3635-1/http://www.securitytracker.com/id/1040604