1041029

GLSA-201808-04

https://support.apple.com/HT208848

https://support.apple.com/HT208850

https://support.apple.com/HT208851

https://support.apple.com/HT208852

https://support.apple.com/HT208853

https://support.apple.com/HT208854

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1.1 It is, therefore, affected by multiple vulnerabilities.

- A remote code execution vulnerability exists in WebKit due to improper memory handling.
  An unauthenticated, remote attacker can exploit this, via a specifically crafted   web page to to execute arbitrary code or cause a denial of service   (CVE-2018-4199, CVE-2018-4201, CVE-2018-4218, CVE-2018-4233).

- An information disclosure vulnerability exists in WebKit. An unauthenticated,   remote attacker can exploit this, via a specifically crafted web page,   to disclose potentially sensitive information (CVE-2018-4190).

- An out-of-bounds read error exists in WebKit due to improper input validation.
  An unauthenticated, remote attacker can exploit this, via a specifically crafted web page   that leverages a getWasmBufferFromValue  during WebAssembly compilation to execute arbitrary   code (CVE-2018-4222).

The version of Apple iOS running on the mobile device is prior to 11.4. It is, therefore, affected by multiple vulnerabilities.

The remote host is affected by the vulnerability described in GLSA-201808-04 (WebkitGTK+: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in WebKitGTK+. Please       review the referenced CVE identifiers for details.
  Impact :

    A remote attacker could execute arbitrary commands or cause a denial of       service condition  via a maliciously crafted web content.
  Workaround :

    There is no known workaround at this time.

The version of Apple iTunes installed on the remote Windows host is prior to 12.7.5. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208852 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apple iTunes installed on the remote Windows host is prior to 12.7.5. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208852 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its banner, the version of Apple TV on the remote device is prior to 11.4. It is, therefore, affected by multiple vulnerabilities as described in the HT208850 security advisory.

Note that only 4th and 5th generation models are affected by these vulnerabilities.

ID	Name	Product	Family	Severity
126381	macOS : Apple Safari < 11.1.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
700550	Apple iOS < 11.4 Multiple Vulnerabilities (EFAIL)	Nessus Network Monitor	Mobile Devices	high
112078	GLSA-201808-04 : WebkitGTK+: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
110398	Apple iOS < 11.4 Multiple Vulnerabilities (EFAIL)	Nessus	Mobile Devices	high
110384	Apple iTunes < 12.7.5 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
110383	Apple iTunes < 12.7.5 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
110325	Apple TV < 11.4 Multiple Vulnerabilities	Nessus	Misc.	high

CVE-2018-4214

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high

high

high