CVE-2018-4386
45Vexday Risk Score
Prioritize patching. It exploitation observed by VulnCheck and has a public proof of concept.
ssvc Actepss 6.5%
from disclosure to weapon0 days
Published on NVDApr 3
1st PoCNov 29
VulnCheck+1860d
exploitation probability
6.5%top 7% of all CVEs
observed exploitation
yesVulnCheck
4 public exploit(s)
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
public PoCs found — 4
githubgithub.com/a0zhar/Bad_Hoist-WriteUp★ 0cve_referencepacketstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47893unverifiedexploitdbwww.exploit-db.com/exploits/45912unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.htmlhttps://support.apple.com/kb/HT209192https://support.apple.com/kb/HT209194https://support.apple.com/kb/HT209195https://support.apple.com/kb/HT209196https://support.apple.com/kb/HT209197https://support.apple.com/kb/HT209198