What is CVE-2018-4121?

CVE-2018-4121 is a vulnerability in certain Apple products that allows for multiple memory corruption issues due to improved memory handling.

Which Apple products are affected by CVE-2018-4121?

The following Apple products are affected by CVE-2018-4121: iOS before 11.3, Safari before 11.1, iCloud before 7.4 on Windows, iTunes before 12.7.4 on Windows, tvOS before 11.3, and watchOS before 4.3.

What is the severity of CVE-2018-4121?

The severity of CVE-2018-4121 is high, with a severity score of 8.8.

How can I fix CVE-2018-4121?

To fix CVE-2018-4121, update to the latest versions of the affected Apple products: iOS 11.3 or later, Safari 11.1 or later, iCloud 7.4 or later on Windows, iTunes 12.7.4 or later on Windows, tvOS 11.3 or later, and watchOS 4.3 or later.

Where can I find more information about CVE-2018-4121?

You can find more information about CVE-2018-4121 on the following references: [SecurityTracker](http://www.securitytracker.com/id/1040604), [GitHub](https://github.com/mwrlabs/CVE-2018-4121), [Gentoo security advisory](https://security.gentoo.org/glsa/201808-04).

Vulnerability/
CVE-2018-4121

high

8.8

CWE

119

29/3/2018

3/4/2018

5/8/2024

CVE-2018-4121: Buffer Overflow

First published: Thu Mar 29 2018(Updated: )

WebKit. Multiple memory corruption issues were addressed with improved memory handling.

Credit: Yuan Deng Antfound by OSS-Fuzz Jun Kokatsu @shhnjk an anonymous researcher Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan TeamNatalie Silvanovich Google Project ZeroWanderingGlitch Trend MicroWanderingGlitch Trend Microan anonymous researcher Trend MicroZach Markley likemeng Baidu Security Lab working with Trend MicroOmair Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan TeamYuan Deng Antfound by OSS-Fuzz Jun Kokatsu @shhnjk an anonymous researcher Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan Teamnatashenka Google Project ZeroWanderingGlitch Trend MicroWanderingGlitch Trend Microan anonymous researcher Trend MicroZach Markley likemeng Baidu Security Lab working with Trend MicroOmair Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan Teamfound by OSS-Fuzz natashenka Google Project ZeroWanderingGlitch Trend MicroWanderingGlitch Trend Microlikemeng Baidu Security Lab working with Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroYuan Deng Antfound by OSS-Fuzz Jun Kokatsu @shhnjk an anonymous researcher Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan Teamnatashenka Google Project ZeroWanderingGlitch Trend MicroWanderingGlitch Trend Microan anonymous researcher Trend MicroZach Markley likemeng Baidu Security Lab working with Trend MicroOmair Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan TeamYuan Deng Antfound by OSS-Fuzz Jun Kokatsu @shhnjk an anonymous researcher Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan Teamnatashenka Google Project ZeroWanderingGlitch Trend MicroWanderingGlitch Trend Microan anonymous researcher Trend MicroZach Markley likemeng Baidu Security Lab working with Trend MicroOmair Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroWanderingGlitch Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan Team product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iCloud for Windows	<7.4	7.4
Apple Safari	<11.1	11.1
Apple watchOS	<4.3	4.3
Apple tvOS	<11.3	11.3
Apple iOS	<11.3	11.3
Apple Safari	<11.1
Apple iPhone OS	<11.3
Apple tvOS	<11.3
Apple watchOS	<4.3
Apple iCloud	<7.4
Microsoft Windows
Apple iTunes	<12.7.4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2018-4121?
CVE-2018-4121 is a vulnerability in certain Apple products that allows for multiple memory corruption issues due to improved memory handling.
Which Apple products are affected by CVE-2018-4121?
The following Apple products are affected by CVE-2018-4121: iOS before 11.3, Safari before 11.1, iCloud before 7.4 on Windows, iTunes before 12.7.4 on Windows, tvOS before 11.3, and watchOS before 4.3.
What is the severity of CVE-2018-4121?
The severity of CVE-2018-4121 is high, with a severity score of 8.8.
How can I fix CVE-2018-4121?
To fix CVE-2018-4121, update to the latest versions of the affected Apple products: iOS 11.3 or later, Safari 11.1 or later, iCloud 7.4 or later on Windows, iTunes 12.7.4 or later on Windows, tvOS 11.3 or later, and watchOS 4.3 or later.
Where can I find more information about CVE-2018-4121?
You can find more information about CVE-2018-4121 on the following references: [SecurityTracker](http://www.securitytracker.com/id/1040604), [GitHub](https://github.com/mwrlabs/CVE-2018-4121), [Gentoo security advisory](https://security.gentoo.org/glsa/201808-04).

collector/apple-support
alias/CVE-2018-4114
alias/CVE-2018-4118
alias/CVE-2018-4119
alias/CVE-2018-4120
alias/CVE-2018-4121
alias/CVE-2018-4122
alias/CVE-2018-4125
alias/CVE-2018-4127
alias/CVE-2018-4128
alias/CVE-2018-4129
alias/CVE-2018-4130
alias/CVE-2018-4161
alias/CVE-2018-4162
alias/CVE-2018-4163
alias/CVE-2018-4165
agent/type
agent/last-modified-date
agent/first-publish-date
agent/software-canonical-lookup-request
agent/event
agent/weakness
agent/references
agent/severity
agent/author
agent/description
collector/nvd-index
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple icloud for windows
canonical/apple safari
canonical/apple watchos
canonical/apple tvos
canonical/apple ios
canonical/apple iphone os
canonical/apple icloud
vendor/microsoft
canonical/microsoft windows
canonical/apple itunes