First published: Thu Mar 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.
Credit: found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | <11.1 | 11.1 |
Apple iCloud for Windows | <7.4 | 7.4 |
Apple watchOS | <4.3 | 4.3 |
Apple tvOS | <11.3 | 11.3 |
Apple iOS | <11.3 | 11.3 |
Apple Safari | <11.1 | |
Apple iPhone OS | <11.3 | |
Apple tvOS | <11.3 | |
Apple watchOS | <4.3 | |
All of | ||
Apple iCloud | <7.4 | |
Microsoft Windows | ||
All of | ||
Apple iTunes | <12.7.4 | |
Microsoft Windows | ||
Webkitgtk Webkitgtk\+ | <2.20.4 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Apple iCloud | <7.4 | |
Microsoft Windows | ||
Apple iTunes | <12.7.4 | |
debian/webkit2gtk | 2.44.2-1~deb11u1 2.44.3-1~deb11u1 2.44.2-1~deb12u1 2.44.3-1~deb12u1 2.44.4-1 2.46.0-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2018-4113.
iOS, Safari, iCloud, iTunes, tvOS, and watchOS are affected by this vulnerability.
The severity of CVE-2018-4113 is medium (6.5).
Update your Apple products to the latest versions available.
No, Windows operating systems are not vulnerable to CVE-2018-4113.