First published: Thu Mar 29 2018(Updated: )
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Credit: found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | <11.1 | 11.1 |
Apple iCloud for Windows | <7.4 | 7.4 |
Apple watchOS | <4.3 | 4.3 |
Apple tvOS | <11.3 | 11.3 |
Apple iOS | <11.3 | 11.3 |
Apple Safari | <11.1 | |
Apple iPhone OS | <11.3 | |
Apple tvOS | <11.3 | |
Apple watchOS | <4.3 | |
Apple iCloud | <7.4 | |
Apple iTunes | <12.7.4 | |
Microsoft Windows | ||
Canonical Ubuntu Linux | =18.04 | |
Webkitgtk Webkitgtk\+ | <2.22.0 | |
All of | ||
Any of | ||
Apple iCloud | <7.4 | |
Apple iTunes | <12.7.4 | |
Microsoft Windows | ||
ubuntu/webkit2gtk | <2.22.2-0ubuntu0.18.04.1 | 2.22.2-0ubuntu0.18.04.1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
ubuntu/webkit2gtk | <2.20.0 | 2.20.0 |
debian/webkit2gtk | 2.44.2-1~deb11u1 2.44.2-1~deb12u1 2.44.2-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
The severity of CVE-2018-4207 is high with a severity value of 8.8.
CVE-2018-4207 can cause an ASSERT failure in iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, and watchOS before 4.3.
To fix CVE-2018-4207, update your software to the recommended version: webkit2gtk 2.22.2-1ubuntu1 for Ubuntu, Safari 11.1 for Apple devices, iCloud for Windows 7.4 for Windows, tvOS 11.3 for Apple tvOS, watchOS 4.3 for Apple watchOS, and iTunes 12.7.4 for Windows.
You can find more information about CVE-2018-4207 on the MITRE CVE website and the WebKitGTK website.
The CWE ID for CVE-2018-4207 is CWE-20.