Details of VAR-201804-1161

ID

VAR-201804-1161

CVE

CVE-2018-4161

TITLE

plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-003686

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0003 ------------------------------------------------------------------------ Date reported : April 04, 2018 Advisory ID : WSA-2018-0003 Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. Several vulnerabilities were discovered in WebKitGTK+. Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to OSS-Fuzz. Impact: Unexpected interaction with indexing types causing an ASSERT failure. Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks. Credit to OSS-Fuzz. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: A malicious website may exfiltrate data cross-origin. Description: A cross-origin issue existed with the fetch API. This was addressed through improved input validation. Credit to Jun Kokatsu (@shhnjk). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Zach Markley. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation. Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack. This issue was addressed with improved URL validation. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to a denial of service. Description: A memory corruption issue was addressed through improved input validation. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, April 04, 2018 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-2 watchOS 4.3 watchOS 4.3 is now available and addresses the following: CoreFoundation Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4142: Robin Leroy of Google Switzerland GmbH File System Events Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4104: The UK's National Cyber Security Centre (NCSC) Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4143: derrek (@derrekr6) NSURLSession Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4166: Samuel GroA (@5aelo) Quick Look Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with additional validation. CVE-2018-4157: Samuel GroA (@5aelo) Security Available for: All Apple Watch models Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4144: Abraham Masri (@cheesecakeufo) System Preferences Available for: All Apple Watch models Impact: A configuration profile may incorrectly remain in effect after removal Description: An issue existed in CFPreferences. CVE-2018-4117: an anonymous researcher, an anonymous researcher Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlq9GlspHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZhfA// QhXriKk82GO1fdVRi/k9EQEVNpin8cU62yjgBF3nLEoZeLKRkaZMLsoEzBZ/sOtY v4VEJzRFcrVbDmmFtrA1ECEHe3w7tEydO9CjQsfesZ6TZRSO08ZD5fwE1Q0Jzqq7 43Dlt9/9Y+Fai48wYatj6yKfrjsF1yTnRr83M3C9mrbNJGgZ7yQeMyZ2iu+NcSry XnsK5xoESTH3dmc9+3MCj7h8Fw5MYaWCLPD/jS7iTQDJ9tpJhB+Rw0Z6cQxBNvYn /Sd3XiGvg0aOf3VJW/uodQFEBbBt9V2huCMsaKCLdcdTU+xZ6agmAQ9O5a/rpebP Qa844Ug+CjHT3p8UdldRO/RTjtWhO4s1n/eK1uaJUajqv557qJni+c3GNYtjIk/U TMb+5A7y5f3mVLIgEXaKiK8LwfXPKFXgXIWQk/Nsxda2fYHFupAm54uDx3flor2Z ec7/7yyE7hQJ3BdalRMOTRz8+ZTKN+YZcnls6XstNWp2w+vhqj8Uo16RQG7ga5Uw +tKm/eUe5AdHtjqFzcSfmOrS7XHXEjvqCTCDLIyoP3eWaxsxdfsN3oKOCpjRbYqU jGZjPUVxBzx+/evM1irbtlF4GHXuGdryDvbtFMt2l7t5/gnvsZkrt0Ij93XEC79i ARG0K0zkbtxBQF7qrn2cu/5e+LC217rBLtgO5HpxNEU= =FEXo -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3635-1 April 30, 2018 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.17.10.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.17.10.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.1-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3635-1 CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1 . CVE-2018-4102: Kai Zhao of 3H security team CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com) Safari Login AutoFill Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. CVE-2018-4117: an anonymous researcher, an anonymous researcher Additional recognition WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance. Installation note: Safari 11.1 may be obtained from the Mac App Store

Trust: 3.06

sources: NVD: CVE-2018-4161 // JVNDB: JVNDB-2018-003686 // ZDI: ZDI-18-277 // VULHUB: VHN-134192 // VULMON: CVE-2018-4161 // PACKETSTORM: 147241 // PACKETSTORM: 146965 // PACKETSTORM: 147433 // PACKETSTORM: 146966 // PACKETSTORM: 146969 // PACKETSTORM: 146970 // PACKETSTORM: 146971

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	4.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	17.10	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.7.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.4 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.4 ( target os : windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (macos high sierra 10.13.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.3 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.3 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	tv	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	1.1.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.2.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.4.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.3.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	1.0.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.3.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	2.0.0	Trust: 0.6

sources: ZDI: ZDI-18-277 // JVNDB: JVNDB-2018-003686 // CNNVD: CNNVD-201804-150 // NVD: CVE-2018-4161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4161
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4161
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-4161
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201804-150
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134192
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-4161
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4161
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
VULHUB:	VHN-134192
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4161
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-277 // VULHUB: VHN-134192 // VULMON: CVE-2018-4161 // JVNDB: JVNDB-2018-003686 // CNNVD: CNNVD-201804-150 // NVD: CVE-2018-4161

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-134192 // JVNDB: JVNDB-2018-003686 // NVD: CVE-2018-4161

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 147433 // CNNVD: CNNVD-201804-150

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201804-150

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003686

PATCH

title:	HT208697	url:	https://support.apple.com/en-us/HT208697	Trust: 0.8
title:	HT208698	url:	https://support.apple.com/en-us/HT208698	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/en-us/HT208693	Trust: 0.8
title:	HT208694	url:	https://support.apple.com/en-us/HT208694	Trust: 0.8
title:	HT208695	url:	https://support.apple.com/en-us/HT208695	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/en-us/HT208696	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/ja-jp/HT208693	Trust: 0.8
title:	HT208694	url:	https://support.apple.com/ja-jp/HT208694	Trust: 0.8
title:	HT208695	url:	https://support.apple.com/ja-jp/HT208695	Trust: 0.8
title:	HT208696	url:	https://support.apple.com/ja-jp/HT208696	Trust: 0.8
title:	HT208697	url:	https://support.apple.com/ja-jp/HT208697	Trust: 0.8
title:	HT208698	url:	https://support.apple.com/ja-jp/HT208698	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/kb/HT201222	Trust: 0.7
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83002	Trust: 0.6
title:	Apple: Safari 11.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ee3f60ca20e25abaeeaa2929b7de559a	Trust: 0.1
title:	Apple: watchOS 4.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0c9672f464c8ecdde98d280637ecb1c5	Trust: 0.1
title:	Apple: iCloud for Windows 7.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=3c324dcae1b032626ce2245c5900fb36	Trust: 0.1
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3635-1	Trust: 0.1
title:	Apple: iTunes 12.7.4 for Windows	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1b3706ef4ba6948ac20ebbbcffe7bc29	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2196fa008592287290cbd6678fbe10d4	Trust: 0.1
title:	Apple: tvOS 11.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0eeec7064403af3bc921bd387f797adc	Trust: 0.1
title:	Apple: iOS 11.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=66db9acd354635a683838e3cd9bc2d76	Trust: 0.1

sources: ZDI: ZDI-18-277 // VULMON: CVE-2018-4161 // JVNDB: JVNDB-2018-003686 // CNNVD: CNNVD-201804-150

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4161	Trust: 4.0
db:	SECTRACK	id:	1040604	Trust: 1.8
db:	JVN	id:	JVNVU92378299	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-003686	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5525	Trust: 0.7
db:	ZDI	id:	ZDI-18-277	Trust: 0.7
db:	CNNVD	id:	CNNVD-201804-150	Trust: 0.6
db:	VULHUB	id:	VHN-134192	Trust: 0.1
db:	VULMON	id:	CVE-2018-4161	Trust: 0.1
db:	PACKETSTORM	id:	147241	Trust: 0.1
db:	PACKETSTORM	id:	146965	Trust: 0.1
db:	PACKETSTORM	id:	147433	Trust: 0.1
db:	PACKETSTORM	id:	146966	Trust: 0.1
db:	PACKETSTORM	id:	146969	Trust: 0.1
db:	PACKETSTORM	id:	146970	Trust: 0.1
db:	PACKETSTORM	id:	146971	Trust: 0.1

sources: ZDI: ZDI-18-277 // VULHUB: VHN-134192 // VULMON: CVE-2018-4161 // PACKETSTORM: 147241 // PACKETSTORM: 146965 // PACKETSTORM: 147433 // PACKETSTORM: 146966 // PACKETSTORM: 146969 // PACKETSTORM: 146970 // PACKETSTORM: 146971 // JVNDB: JVNDB-2018-003686 // CNNVD: CNNVD-201804-150 // NVD: CVE-2018-4161

REFERENCES

url:	https://usn.ubuntu.com/3635-1/	Trust: 1.9
url:	https://support.apple.com/ht208693	Trust: 1.8
url:	https://support.apple.com/ht208694	Trust: 1.8
url:	https://support.apple.com/ht208695	Trust: 1.8
url:	https://support.apple.com/ht208696	Trust: 1.8
url:	https://support.apple.com/ht208697	Trust: 1.8
url:	https://support.apple.com/ht208698	Trust: 1.8
url:	http://www.securitytracker.com/id/1040604	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4161	Trust: 1.5
url:	https://support.apple.com/kb/ht201222	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4161	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92378299/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4114	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4162	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4125	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4113	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4146	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4122	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4163	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4129	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4101	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4120	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4127	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4165	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4128	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4118	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4117	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4119	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4121	Trust: 0.5
url:	https://www.apple.com/support/security/pgp/	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4144	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4130	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4133	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4155	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4143	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4142	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4166	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4115	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4104	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4150	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4167	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4157	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht208695	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2018-0003.html	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4158	Trust: 0.1
url:	https://usn.ubuntu.com/usn/usn-3635-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.1-0ubuntu0.17.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4102	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4116	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4137	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1

CREDITS

WanderingGlitch - Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-18-277

SOURCES

db:	ZDI	id:	ZDI-18-277
db:	VULHUB	id:	VHN-134192
db:	VULMON	id:	CVE-2018-4161
db:	PACKETSTORM	id:	147241
db:	PACKETSTORM	id:	146965
db:	PACKETSTORM	id:	147433
db:	PACKETSTORM	id:	146966
db:	PACKETSTORM	id:	146969
db:	PACKETSTORM	id:	146970
db:	PACKETSTORM	id:	146971
db:	JVNDB	id:	JVNDB-2018-003686
db:	CNNVD	id:	CNNVD-201804-150
db:	NVD	id:	CVE-2018-4161

LAST UPDATE DATE

2025-07-07T20:55:12.541000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-277	date:	2018-04-06T00:00:00
db:	VULHUB	id:	VHN-134192	date:	2019-03-08T00:00:00
db:	VULMON	id:	CVE-2018-4161	date:	2019-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-003686	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201804-150	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2018-4161	date:	2024-11-21T04:06:53

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-277	date:	2018-04-06T00:00:00
db:	VULHUB	id:	VHN-134192	date:	2018-04-03T00:00:00
db:	VULMON	id:	CVE-2018-4161	date:	2018-04-03T00:00:00
db:	PACKETSTORM	id:	147241	date:	2018-04-18T13:33:33
db:	PACKETSTORM	id:	146965	date:	2018-03-30T15:52:32
db:	PACKETSTORM	id:	147433	date:	2018-05-02T04:32:41
db:	PACKETSTORM	id:	146966	date:	2018-03-30T15:52:53
db:	PACKETSTORM	id:	146969	date:	2018-03-30T15:55:24
db:	PACKETSTORM	id:	146970	date:	2018-03-30T15:55:41
db:	PACKETSTORM	id:	146971	date:	2018-03-30T15:56:03
db:	JVNDB	id:	JVNDB-2018-003686	date:	2018-06-01T00:00:00
db:	CNNVD	id:	CNNVD-201804-150	date:	2018-04-03T00:00:00
db:	NVD	id:	CVE-2018-4161	date:	2018-04-03T06:29:07.390