Sign-up

ID

VAR-201901-1014


CVE

CVE-2018-4147


TITLE

plural Apple Multiple memory corruption vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013612

DESCRIPTION

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. plural Apple There are multiple memory corruption vulnerabilities in the product due to flaws in memory handling.There is a possibility of memory corruption. Apple iOS, Safari and iCloud for Windows are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. An attacker using maliciously crafted website content could exploit this vulnerability to execute arbitrary code (memory corruption)

Trust: 1.71

sources: NVD: CVE-2018-4147 // JVNDB: JVNDB-2018-013612 // VULHUB: VHN-134178

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:7.3

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.2.5

Trust: 1.0

vendor:applemodel:safariscope:ltversion:11.0.3

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.7.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.2

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.3 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2.5 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2.5 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2.5 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.7.3 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.0.3 (macos high sierra 10.13.3)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.0.3 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.0.3 (os x el capitan 10.11.6)

Trust: 0.8

vendor:applemodel:safariscope:eqversion: -

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 0.6

sources: JVNDB: JVNDB-2018-013612 // CNNVD: CNNVD-201901-390 // NVD: CVE-2018-4147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4147
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4147
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-390
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134178
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4147
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134178
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4147
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134178 // JVNDB: JVNDB-2018-013612 // CNNVD: CNNVD-201901-390 // NVD: CVE-2018-4147

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-134178 // JVNDB: JVNDB-2018-013612 // NVD: CVE-2018-4147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-390

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201901-390

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013612

PATCH
title:HT208475url:https://support.apple.com/en-us/HT208475
Trust: 0.8
title:HT208463url:https://support.apple.com/en-us/HT208463
Trust: 0.8
title:HT208465url:https://support.apple.com/en-us/HT208465
Trust: 0.8
title:HT208473url:https://support.apple.com/en-us/HT208473
Trust: 0.8
title:HT208474url:https://support.apple.com/en-us/HT208474
Trust: 0.8
title:HT208463url:https://support.apple.com/ja-jp/HT208463
Trust: 0.8
title:HT208465url:https://support.apple.com/ja-jp/HT208465
Trust: 0.8
title:HT208473url:https://support.apple.com/ja-jp/HT208473
Trust: 0.8
title:HT208474url:https://support.apple.com/ja-jp/HT208474
Trust: 0.8
title:HT208475url:https://support.apple.com/ja-jp/HT208475
Trust: 0.8
title:Multiple Apple product WebKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88554
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013612 // 
            
            
            
            CNNVD: CNNVD-201901-390

EXTERNAL IDS
db:NVDid:CVE-2018-4147
Trust: 2.5
db:JVNid:JVNVU99446427
Trust: 0.8
db:JVNDBid:JVNDB-2018-013612
Trust: 0.8
db:CNNVDid:CNNVD-201901-390
Trust: 0.7
db:VULHUBid:VHN-134178
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134178 // 
            
            
            
            JVNDB: JVNDB-2018-013612 // 
            
            
            
            CNNVD: CNNVD-201901-390 // 
            
            
            
            NVD: CVE-2018-4147

REFERENCES
url:https://support.apple.com/ht208463
Trust: 1.7
url:https://support.apple.com/ht208465
Trust: 1.7
url:https://support.apple.com/ht208473
Trust: 1.7
url:https://support.apple.com/ht208474
Trust: 1.7
url:https://support.apple.com/ht208475
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4147
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99446427/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4147
Trust: 0.8
sources:
            
            
            VULHUB: VHN-134178 // 
            
            
            
            JVNDB: JVNDB-2018-013612 // 
            
            
            
            CNNVD: CNNVD-201901-390 // 
            
            
            
            NVD: CVE-2018-4147

SOURCES
db:VULHUBid:VHN-134178
db:JVNDBid:JVNDB-2018-013612
db:CNNVDid:CNNVD-201901-390
db:NVDid:CVE-2018-4147

LAST UPDATE DATE
2024-11-23T19:30:27.495000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134178date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2018-013612date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-390date:2019-01-14T00:00:00
db:NVDid:CVE-2018-4147date:2024-11-21T04:06:51.430

SOURCES RELEASE DATE
db:VULHUBid:VHN-134178date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2018-013612date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-390date:2019-01-14T00:00:00
db:NVDid:CVE-2018-4147date:2019-01-11T18:29:00.827