CVE-2018-4121: Buffer Overflow
First published: Thu Mar 29 2018(Updated: )
WebKit. Multiple memory corruption issues were addressed with improved memory handling.
Credit: Yuan Deng Antfound by OSS-Fuzz Jun Kokatsu @shhnjk an anonymous researcher Trend MicroHanming Zhang @4shitak4 Qihoo 360 Vulcan Teamnatashenka Google Project ZeroWanderingGlitch Trend MicroZach Markley likemeng Baidu Security Lab working with Trend MicroOmair Trend Micro product-security@apple.com Natalie Silvanovich Google Project Zero
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <11.3 | 11.3 |
| Apple Mobile Safari | <11.1 | 11.1 |
| Apple iOS, iPadOS, and watchOS | <11.3 | 11.3 |
| Apple iOS, iPadOS, and watchOS | <4.3 | 4.3 |
| Apple iCloud | <7.4 | 7.4 |
| Apple Mobile Safari | <11.1 | |
| iStyle @cosme iPhone OS | <11.3 | |
| tvOS | <11.3 | |
| Apple iOS, iPadOS, and watchOS | <4.3 | |
| Apple iCloud for Windows | <7.4 | |
| Microsoft Windows | ||
| Apple iTunes for Windows | <12.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208693 (Advisory)
- https://support.apple.com/en-us/HT208695 (Advisory)
- https://support.apple.com/en-us/HT208696 (Advisory)
- https://support.apple.com/en-us/HT208697 (Advisory)
- https://support.apple.com/en-us/HT208698 (Advisory)
- http://www.securitytracker.com/id/1040604
- https://github.com/mwrlabs/CVE-2018-4121
- https://security.gentoo.org/glsa/201808-04
- https://support.apple.com/HT208693
- https://support.apple.com/HT208694
- https://support.apple.com/HT208695
- https://support.apple.com/HT208696
- https://support.apple.com/HT208697
- https://support.apple.com/HT208698
- https://www.exploit-db.com/exploits/44427/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4155
- CVE-2018-4142
- CVE-2018-4167
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4185
- CVE-2017-15412
- CVE-2018-4166
- CVE-2018-4157
- CVE-2018-4144
- CVE-2018-4115
- CVE-2018-4113
- CVE-2018-4146
- CVE-2018-4101
- CVE-2018-4114
- CVE-2018-4118
- CVE-2018-4119
- CVE-2018-4120
- CVE-2018-4121
- CVE-2018-4122
- CVE-2018-4125
- CVE-2018-4127
- CVE-2018-4128
- CVE-2018-4129
- CVE-2018-4130
- CVE-2018-4161
- CVE-2018-4162
- CVE-2018-4163
- CVE-2018-4165
- CVE-2018-4207
- CVE-2018-4208
- CVE-2018-4209
- CVE-2018-4210
- CVE-2018-4212
- CVE-2018-4213
- CVE-2018-4145
- CVE-2018-4102
- CVE-2018-4116
- CVE-2018-4186
- CVE-2018-4137
- CVE-2018-4133
- CVE-2018-4117
- CVE-2018-4177
- CVE-2018-4123
- CVE-2018-4158
- CVE-2018-4390
- CVE-2018-4391
- CVE-2018-4168
- CVE-2018-4172
- CVE-2018-4151
- CVE-2018-4187
- CVE-2018-4174
- CVE-2018-4156
- CVE-2018-4134
- CVE-2018-4149
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4140
- CVE-2018-4148
- CVE-2018-4110
- CVE-2018-4131
Frequently Asked Questions
What is CVE-2018-4121?
CVE-2018-4121 is a vulnerability in certain Apple products that allows for multiple memory corruption issues due to improved memory handling.
Which Apple products are affected by CVE-2018-4121?
The following Apple products are affected by CVE-2018-4121: iOS before 11.3, Safari before 11.1, iCloud before 7.4 on Windows, iTunes before 12.7.4 on Windows, tvOS before 11.3, and watchOS before 4.3.
What is the severity of CVE-2018-4121?
The severity of CVE-2018-4121 is high, with a severity score of 8.8.
How can I fix CVE-2018-4121?
To fix CVE-2018-4121, update to the latest versions of the affected Apple products: iOS 11.3 or later, Safari 11.1 or later, iCloud 7.4 or later on Windows, iTunes 12.7.4 or later on Windows, tvOS 11.3 or later, and watchOS 4.3 or later.
Where can I find more information about CVE-2018-4121?
You can find more information about CVE-2018-4121 on the following references: [SecurityTracker](http://www.securitytracker.com/id/1040604), [GitHub](https://github.com/mwrlabs/CVE-2018-4121), [Gentoo security advisory](https://security.gentoo.org/glsa/201808-04).
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- alias/CVE-2018-4114
- alias/CVE-2018-4118
- alias/CVE-2018-4119
- alias/CVE-2018-4120
- alias/CVE-2018-4121
- alias/CVE-2018-4122
- alias/CVE-2018-4125
- alias/CVE-2018-4127
- alias/CVE-2018-4128
- alias/CVE-2018-4129
- alias/CVE-2018-4130
- alias/CVE-2018-4161
- alias/CVE-2018-4162
- alias/CVE-2018-4163
- alias/CVE-2018-4165
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/tvos
- canonical/apple mobile safari
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud
- canonical/istyle @cosme iphone os
- canonical/apple icloud for windows
- vendor/microsoft
- canonical/microsoft windows
- canonical/apple itunes for windows