CVE-2018-4192

high-risk
Published 2018-06-08

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.

Do I need to act?

!
30.4% chance of exploitation in next 30 days
EPSS score — higher than 70% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
45048
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (6)

Affected Vendors

Apple

References (18)

Third Party Advisory http://www.securitytracker.com/id/1041029
Third Party Advisory https://security.gentoo.org/glsa/201808-04
Vendor Advisory https://support.apple.com/HT208848
Vendor Advisory https://support.apple.com/HT208850
Vendor Advisory https://support.apple.com/HT208851
Vendor Advisory https://support.apple.com/HT208852
Vendor Advisory https://support.apple.com/HT208853
Vendor Advisory https://support.apple.com/HT208854
Exploit https://www.exploit-db.com/exploits/45048/
Third Party Advisory http://www.securitytracker.com/id/1041029
Third Party Advisory https://security.gentoo.org/glsa/201808-04
Vendor Advisory https://support.apple.com/HT208848
Vendor Advisory https://support.apple.com/HT208850
Vendor Advisory https://support.apple.com/HT208851
Vendor Advisory https://support.apple.com/HT208852
Vendor Advisory https://support.apple.com/HT208853
Vendor Advisory https://support.apple.com/HT208854
Exploit https://www.exploit-db.com/exploits/45048/
51
/ 100
high-risk
Severity 22/34 · High
Exploitability 16/34 · Moderate
Exposure 13/34 · Low