What is CVE-2018-4273?

CVE-2018-4273 is a vulnerability in WebKit that allows for multiple memory corruption issues due to improved input validation.

Which versions are affected by CVE-2018-4273?

Versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, and iCloud for Windows 7.6 are affected by CVE-2018-4273.

What is the severity of CVE-2018-4273?

CVE-2018-4273 has a severity rating of 6.5 (medium).

How do I fix CVE-2018-4273 on Ubuntu?

To fix CVE-2018-4273 on Ubuntu, update to version 2.20.5-0ubuntu0.18.04.1 for Ubuntu 18.04, version 2.20.5-0ubuntu0.16.04.1 for Ubuntu 16.04, or version 2.20.4 for upstream.

How do I fix CVE-2018-4273 on Apple products?

To fix CVE-2018-4273 on Apple products, update to the following versions: iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, or iTunes 12.8 for Windows.

Vulnerability/
CVE-2018-4273

medium

6.5

CWE

20 119

9/7/2018

3/4/2019

5/8/2024

CVE-2018-4273: Input Validation

First published: Mon Jul 09 2018(Updated: )

Last updated 24 July 2024

Credit: found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz product-security@apple.com product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iCloud for Windows	<7.6	7.6
Apple iTunes for Windows	<12.8	12.8
Apple Safari	<11.1.2	11.1.2
Apple watchOS	<4.3.2	4.3.2
Apple tvOS	<11.4.1	11.4.1
Apple iOS	<11.4.1	11.4.1
Apple Safari	<11.1.2
Apple iPhone OS	<11.4.1
Apple tvOS	<11.4.1
Apple watchOS	<4.3.2
All of
Any of
Apple iCloud	<7.6
Apple iTunes	<12.8
Microsoft Windows
Apple iCloud	<7.6
Apple iTunes	<12.8
Microsoft Windows
debian/webkit2gtk		2.44.2-1~deb11u1 2.44.3-1~deb11u1 2.44.2-1~deb12u1 2.44.3-1~deb12u1 2.46.0-2 2.46.1-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2018-4273?
CVE-2018-4273 is a vulnerability in WebKit that allows for multiple memory corruption issues due to improved input validation.
Which versions are affected by CVE-2018-4273?
Versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, and iCloud for Windows 7.6 are affected by CVE-2018-4273.
What is the severity of CVE-2018-4273?
CVE-2018-4273 has a severity rating of 6.5 (medium).
How do I fix CVE-2018-4273 on Ubuntu?
To fix CVE-2018-4273 on Ubuntu, update to version 2.20.5-0ubuntu0.18.04.1 for Ubuntu 18.04, version 2.20.5-0ubuntu0.16.04.1 for Ubuntu 16.04, or version 2.20.4 for upstream.
How do I fix CVE-2018-4273 on Apple products?
To fix CVE-2018-4273 on Apple products, update to the following versions: iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, or iTunes 12.8 for Windows.

collector/apple-support
alias/CVE-2018-4273
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
agent/software-canonical-lookup-request
agent/weakness
agent/severity
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/trending
vendor/apple
canonical/apple icloud for windows
canonical/apple itunes for windows
canonical/apple safari
canonical/apple watchos
canonical/apple tvos
canonical/apple ios
canonical/apple iphone os
canonical/apple icloud
canonical/apple itunes
vendor/microsoft
canonical/microsoft windows
package-manager/debian