An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
http://www.securitytracker.com/id/1040604
https://support.apple.com/HT208693
https://support.apple.com/HT208694
https://support.apple.com/HT208695
https://support.apple.com/HT208696
https://support.apple.com/HT208697
Source: MITRE
Published: 2018-04-03
Updated: 2019-03-08
Type: CWE-119
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
OR
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
700548 | Apple iOS < 11.3 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high |
700503 | Apple Safari < 11.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
118453 | openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1288) | Nessus | SuSE Local Security Checks | high |
118389 | SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1) | Nessus | SuSE Local Security Checks | high |
109468 | Ubuntu 16.04 LTS / 17.10 : WebKitGTK+ vulnerabilities (USN-3635-1) | Nessus | Ubuntu Local Security Checks | medium |
109060 | Apple TV < 11.3 Multiple Vulnerabilities | Nessus | Misc. | high |
108812 | Apple iOS < 11.3 Multiple Vulnerabilities | Nessus | Mobile Devices | high |
108805 | macOS : Apple Safari < 11.1 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
108796 | Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
108795 | Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |