ID

VAR-201904-1403


CVE

CVE-2018-4311


TITLE

plural Apple Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014962

DESCRIPTION

The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. plural Apple There is a vulnerability related to information disclosure because the product does not properly handle origin information.Information may be obtained and information may be altered. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. WebKit is one of the web browser engine components. An attacker could exploit this vulnerability to determine the source of an access frame. CVE-2018-4305: Jerry Decime Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Security Available for: Apple Watch Series 1 and later Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. SQLite We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-9-24-3 Additional information for APPLE-SA-2018-9-17-4 Safari 12 Safari 12 addresses the following: Safari Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. CVE-2018-4329: Hugo S. Diaz (coldpointblue) Safari Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com) Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation. CVE-2018-4191: found by OSS-Fuzz Entry added September 24, 2018 WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Cross-origin SecurityErrors includes the accessed frame's origin Description: The issue was addressed by removing origin information. CVE-2018-4311: Erling Alf Ellingsen (@steike) Entry added September 24, 2018 WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team Entry added September 24, 2018 WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4319: John Pettitt of Google Entry added September 24, 2018 WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. CVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative Entry added September 24, 2018 WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2018-4345: an anonymous researcher Entry added September 24, 2018 WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14 Impact: Unexpected interaction causes an ASSERT failure Description: A memory consumption issue was addressed with improved memory handling. CVE-2018-4361: found by Google OSS-Fuzz Entry added September 24, 2018 Additional recognition WebKit We would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance. Installation note: Safari 12 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlupFUIACgkQeC9tht7T K3EOzBAAr4Kr9hZVKV603mOTE9cq6boEBYJLYJUN2/VjLzBPYWYr/e8tPg0P1EWr i67b/0pWifR6A73F53oCxMzdumfwC4by2n106ABrx5KPYmbz5YBk8X/YEEWokBdK zK/AJpQo768pTUIxlVuhIOsCLOieMRX3kiPWIg10WeIEggEnyavK9/emNyUu08GV AXviCAz2vohBgG0pAvgKt2HD/yTxG2n+gdP9krOT9mMh0aH1tTlZ8107cF2bTWwv yZw9LSCELre6cKOx4iDaY+vpPWGXwI+8+6hXYqKjNBomgJhLeQVqIdBo29IM0HTO FZcyrQ5djoNDl8ZfGUAwFtyDhD4Fmdb/JyDdvLXME/GL2fPWG8hqDS5EGU/cNIus ugQv/zsm6pXqLWt+sxbP5lU4Uuwfkw4H7HwwBxoE04ufGfxurEBgTIIQn+KwYg9J ODrdoqsIDThOtqQHxzp0//+rs0hg49jGm4P8eSG86Oycoyw/Q9/pzCKeQGazfyfF cTNX3wsZA84RVbHLVWbp0ZnYhVrH1iL61ipzH2hDTUbjelvv4u4pN6flIM6Kw9uN J5bYuFOXzv61bxMe8fdAlZixqFXqJ5oNBTZOdaicZEKmfRTTh4p1BLTWcFSRbp7K wCXqHSwmD7RjGr0Qbr/CvJFb/+kOrzQIHX7sCR6ZIusZPLpTYXI= =4ySP -----END PGP SIGNATURE----- . ----------------------------------------------------------------------- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 ------------------------------------------------------------------------ Date reported : September 26, 2018 Advisory ID : WSA-2018-0007 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0007.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0007.html CVE identifiers : CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4207 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4208 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4209 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4210 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction with indexing types caused a failure. An array indexing issue existed in the handling of a function in JavaScriptCore. CVE-2018-4212 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4213 Versions affected: WebKitGTK+ before 2.20.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4191 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. CVE-2018-4197 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4299 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroI2 (saelo) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4306 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4309 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to an anonymous researcher working with Trend Micro's Zero Day Initiative. A malicious website may be able to execute scripts in the context of another website. A cross-site scripting issue existed in WebKit. CVE-2018-4311 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Erling Alf Ellingsen (@steike). Cross-origin SecurityErrors includes the accessed frameas origin. CVE-2018-4312 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4314 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4315 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4316 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management. CVE-2018-4317 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4318 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4319 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to John Pettitt of Google. A malicious website may cause unexepected cross-origin behavior. A cross-origin issue existed with iframe elements. CVE-2018-4323 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4328 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Ivan Fratric of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4358 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4359 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Samuel GroA (@5aelo). Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4361 Versions affected: WebKitGTK+ and WPE WebKit before 2.22.0. Credit to Google OSS-Fuzz. Unexpected interaction causes an ASSERT failure. A memory corruption issue was addressed with improved memory handling. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, September 26, 2018

Trust: 2.43

sources: NVD: CVE-2018-4311 // JVNDB: JVNDB-2018-014962 // VULHUB: VHN-134342 // VULMON: CVE-2018-4311 // PACKETSTORM: 150115 // PACKETSTORM: 150114 // PACKETSTORM: 149511 // PACKETSTORM: 149515 // PACKETSTORM: 149513 // PACKETSTORM: 149605 // PACKETSTORM: 149722

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:ltversion:5.0

Trust: 1.0

vendor:applemodel:safariscope:ltversion:12

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.7

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.9

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.0

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:for windows 7.7 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.9 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12 (macos high sierra 10.13.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12 (macos mojave 10.14)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5 (apple watch series 1 or later )

Trust: 0.8

sources: JVNDB: JVNDB-2018-014962 // NVD: CVE-2018-4311

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4311
value: HIGH

Trust: 1.0

NVD: CVE-2018-4311
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-1166
value: HIGH

Trust: 0.6

VULHUB: VHN-134342
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4311
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4311
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134342
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4311
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134342 // VULMON: CVE-2018-4311 // CNNVD: CNNVD-201809-1166 // JVNDB: JVNDB-2018-014962 // NVD: CVE-2018-4311

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-134342 // JVNDB: JVNDB-2018-014962 // NVD: CVE-2018-4311

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1166

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201809-1166

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014962

PATCH

title:HT209141url:https://support.apple.com/en-us/HT209141

Trust: 0.8

title:HT209106url:https://support.apple.com/en-us/HT209106

Trust: 0.8

title:HT209108url:https://support.apple.com/en-us/HT209108

Trust: 0.8

title:HT209109url:https://support.apple.com/en-us/HT209109

Trust: 0.8

title:HT209140url:https://support.apple.com/en-us/HT209140

Trust: 0.8

title:HT209106url:https://support.apple.com/ja-jp/HT209106

Trust: 0.8

title:HT209108url:https://support.apple.com/ja-jp/HT209108

Trust: 0.8

title:HT209109url:https://support.apple.com/ja-jp/HT209109

Trust: 0.8

title:HT209140url:https://support.apple.com/ja-jp/HT209140

Trust: 0.8

title:HT209141url:https://support.apple.com/ja-jp/HT209141

Trust: 0.8

title:Multiple Apple product WebKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85200

Trust: 0.6

title:Ubuntu Security Notice: webkit2gtk vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3781-1

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/apple-releases-security-updates-for-ios-and-icloud-fixes-passcode-bypass/

Trust: 0.1

sources: VULMON: CVE-2018-4311 // CNNVD: CNNVD-201809-1166 // JVNDB: JVNDB-2018-014962

EXTERNAL IDS

db:NVDid:CVE-2018-4311

Trust: 3.3

db:JVNid:JVNVU92800088

Trust: 0.8

db:JVNid:JVNVU93341447

Trust: 0.8

db:JVNDBid:JVNDB-2018-014962

Trust: 0.8

db:CNNVDid:CNNVD-201809-1166

Trust: 0.7

db:VULHUBid:VHN-134342

Trust: 0.1

db:VULMONid:CVE-2018-4311

Trust: 0.1

db:PACKETSTORMid:150115

Trust: 0.1

db:PACKETSTORMid:150114

Trust: 0.1

db:PACKETSTORMid:149511

Trust: 0.1

db:PACKETSTORMid:149515

Trust: 0.1

db:PACKETSTORMid:149513

Trust: 0.1

db:PACKETSTORMid:149605

Trust: 0.1

db:PACKETSTORMid:149722

Trust: 0.1

sources: VULHUB: VHN-134342 // VULMON: CVE-2018-4311 // PACKETSTORM: 150115 // PACKETSTORM: 150114 // PACKETSTORM: 149511 // PACKETSTORM: 149515 // PACKETSTORM: 149513 // PACKETSTORM: 149605 // PACKETSTORM: 149722 // CNNVD: CNNVD-201809-1166 // JVNDB: JVNDB-2018-014962 // NVD: CVE-2018-4311

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2018-4311

Trust: 2.1

url:https://support.apple.com/kb/ht209106

Trust: 1.8

url:https://support.apple.com/kb/ht209108

Trust: 1.8

url:https://support.apple.com/kb/ht209109

Trust: 1.8

url:https://support.apple.com/kb/ht209140

Trust: 1.8

url:https://support.apple.com/kb/ht209141

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4311

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93341447/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92800088/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4319

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4191

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4361

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4359

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4358

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4299

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-4323

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4318

Trust: 0.6

url:https://support.apple.com/kb/ht201222

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4309

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4315

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4197

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4316

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4317

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4306

Trust: 0.6

url:https://www.apple.com/support/security/pgp/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4312

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4328

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4314

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-4345

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-4360

Trust: 0.3

url:https://support.apple.com/ht204283

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4412

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4414

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4126

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-4347

Trust: 0.2

url:https://www.apple.com/itunes/download/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2018/sep/45

Trust: 0.1

url:https://usn.ubuntu.com/3781-1/

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4344

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4329

Trust: 0.1

url:https://www.tencent.com)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4208

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4213

Trust: 0.1

url:https://wpewebkit.org/security/.

Trust: 0.1

url:https://wpewebkit.org/security/wsa-2018-0007.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4209

Trust: 0.1

url:https://webkitgtk.org/security.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4210

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2018-0007.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-4207

Trust: 0.1

sources: VULHUB: VHN-134342 // VULMON: CVE-2018-4311 // PACKETSTORM: 150115 // PACKETSTORM: 150114 // PACKETSTORM: 149511 // PACKETSTORM: 149515 // PACKETSTORM: 149513 // PACKETSTORM: 149605 // PACKETSTORM: 149722 // CNNVD: CNNVD-201809-1166 // JVNDB: JVNDB-2018-014962 // NVD: CVE-2018-4311

CREDITS

Apple

Trust: 0.6

sources: PACKETSTORM: 150115 // PACKETSTORM: 150114 // PACKETSTORM: 149511 // PACKETSTORM: 149515 // PACKETSTORM: 149513 // PACKETSTORM: 149722

SOURCES

db:VULHUBid:VHN-134342
db:VULMONid:CVE-2018-4311
db:PACKETSTORMid:150115
db:PACKETSTORMid:150114
db:PACKETSTORMid:149511
db:PACKETSTORMid:149515
db:PACKETSTORMid:149513
db:PACKETSTORMid:149605
db:PACKETSTORMid:149722
db:CNNVDid:CNNVD-201809-1166
db:JVNDBid:JVNDB-2018-014962
db:NVDid:CVE-2018-4311

LAST UPDATE DATE

2026-07-08T21:11:59.351000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-134342date:2019-04-08T00:00:00
db:VULMONid:CVE-2018-4311date:2019-04-08T00:00:00
db:CNNVDid:CNNVD-201809-1166date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2018-014962date:2019-04-18T00:00:00
db:NVDid:CVE-2018-4311date:2026-06-17T01:58:46.063

SOURCES RELEASE DATE

db:VULHUBid:VHN-134342date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4311date:2019-04-03T00:00:00
db:PACKETSTORMid:150115date:2018-10-31T16:10:39
db:PACKETSTORMid:150114date:2018-10-31T16:10:29
db:PACKETSTORMid:149511date:2018-09-25T16:20:49
db:PACKETSTORMid:149515date:2018-09-25T16:31:15
db:PACKETSTORMid:149513date:2018-09-25T16:25:47
db:PACKETSTORMid:149605date:2018-10-01T17:13:20
db:PACKETSTORMid:149722date:2018-10-09T16:58:43
db:CNNVDid:CNNVD-201809-1166date:2018-09-27T00:00:00
db:JVNDBid:JVNDB-2018-014962date:2019-04-18T00:00:00
db:NVDid:CVE-2018-4311date:2019-04-03T18:29:06.673