First published: Tue May 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
Credit: natashenka Google Project Zero product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iTunes for Windows | <12.7.5 | 12.7.5 |
Apple Safari | <11.1.1 | |
Apple iPhone OS | <11.4 | |
Apple tvOS | <11.4 | |
Apple watchOS | <4.3.1 | |
Apple iCloud | <7.5 | |
Microsoft Windows | ||
Apple iTunes | <12.7.5 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Canonical Ubuntu Linux | =18.04 | |
All of | ||
Apple iCloud | <7.5 | |
Microsoft Windows | ||
All of | ||
Apple iTunes | <12.7.5 | |
Microsoft Windows | ||
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.17.10.1 | 2.20.3-0ubuntu0.17.10.1 |
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.18.04.1 | 2.20.3-0ubuntu0.18.04.1 |
ubuntu/webkit2gtk | <2.20.3 | 2.20.3 |
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.16.04.1 | 2.20.3-0ubuntu0.16.04.1 |
debian/webkit2gtk | 2.44.2-1~deb11u1 2.44.3-1~deb11u1 2.44.2-1~deb12u1 2.44.3-1~deb12u1 2.44.3-1 2.44.4-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-4222 is a vulnerability in certain Apple products, including iOS, Safari, iCloud, iTunes, tvOS, and watchOS.
The severity of CVE-2018-4222 is high, with a CVSS score of 8.8.
CVE-2018-4222 affects Safari versions before 11.1.1.
CVE-2018-4222 affects iOS versions before 11.4.
To mitigate CVE-2018-4222, update to the latest version of the affected software, such as iOS 11.4 or Safari 11.1.1.