First published: Tue May 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.
Credit: Alex Plaskett Georgi Geshev Fabi Beterke MWR Labs working with Trend Micro product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iTunes for Windows | <12.7.5 | 12.7.5 |
Apple Safari | <11.1.1 | |
Apple iPhone OS | <11.4 | |
Apple tvOS | <11.4 | |
Apple iCloud | <7.5 | |
Microsoft Windows | ||
Apple iTunes | <12.7.5 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Canonical Ubuntu Linux | =18.04 | |
All of | ||
Apple iCloud | <7.5 | |
Microsoft Windows | ||
All of | ||
Apple iTunes | <12.7.5 | |
Microsoft Windows | ||
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.17.10.1 | 2.20.3-0ubuntu0.17.10.1 |
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.18.04.1 | 2.20.3-0ubuntu0.18.04.1 |
ubuntu/webkit2gtk | <2.20.3 | 2.20.3 |
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.16.04.1 | 2.20.3-0ubuntu0.16.04.1 |
debian/webkit2gtk | 2.44.2-1~deb11u1 2.44.3-1~deb11u1 2.44.2-1~deb12u1 2.44.3-1~deb12u1 2.44.3-1 2.44.4-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-4199 is a vulnerability in certain Apple products that allows remote attackers to execute arbitrary code or cause a denial of service.
iOS before 11.4, Safari before 11.1.1, iCloud before 7.5 on Windows, iTunes before 12.7.5 on Windows, and tvOS before 11.4 are affected by CVE-2018-4199.
CVE-2018-4199 has a severity rating of 8.8 out of 10, indicating a high severity.
To fix CVE-2018-4199, update your affected Apple products to the latest versions available.
You can find more information about CVE-2018-4199 on the Security Tracker website and the Apple Support page.