What is the vulnerability ID?

The vulnerability ID is CVE-2018-4299.

What is the severity of CVE-2018-4299?

The severity of CVE-2018-4299 is high, with a CVSS score of 8.8.

Which software versions are affected by CVE-2018-4299?

Versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7 are affected by CVE-2018-4299.

How can I fix CVE-2018-4299?

To fix CVE-2018-4299, update to the latest versions of iOS, tvOS, watchOS, Safari, iTunes for Windows, and iCloud for Windows.

Where can I find more information about CVE-2018-4299?

You can find more information about CVE-2018-4299 on the Apple support website: [link](https://support.apple.com/kb/HT209106), [link](https://support.apple.com/kb/HT209107), [link](https://support.apple.com/kb/HT209108).

Vulnerability/
CVE-2018-4299

high

8.8

CWE

119

12/9/2018

28/9/2018

17/9/2019

CVE-2018-4299: Buffer Overflow

First published: Wed Sep 12 2018(Updated: )

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Credit: Samuel Groβ (saelo) Trend MicroIvan Fratric Google Project ZeroIvan Fratric Google Project Zeroteam (@bkth_ @5aelo @_niklasb) @phoenhex Trend MicroSamuel Groß @5aelo William Bowling @wcbowling Samuel Groβ (saelo) Trend Micro's Zero Day InitiativeIvan Fratric Google Project ZeroIvan Fratric Google Project Zeroteam (@bkth_ @5aelo @_niklasb) @phoenhex Trend Micro's Zero Day InitiativeSamuel Groß @5aelo William Bowling @wcbowling Samuel Groβ (saelo) Trend MicroSamuel Groß @5aelo team (@bkth_ @5aelo @_niklasb) @phoenhex Trend MicroSamuel Groβ (saelo) Trend MicroIvan Fratric Google Project ZeroIvan Fratric Google Project Zeroteam (@bkth_ @5aelo @_niklasb) @phoenhex Trend MicroSamuel Groß @5aelo William Bowling @wcbowling Samuel Groβ (saelo) Trend MicroIvan Fratric Google Project ZeroIvan Fratric Google Project Zeroteam (@bkth_ @5aelo @_niklasb) @phoenhex Trend MicroSamuel Groß @5aelo William Bowling @wcbowling Samuel Groβ (saelo) Trend MicroIvan Fratric Google Project ZeroIvan Fratric Google Project Zeroteam (@bkth_ @5aelo @_niklasb) @phoenhex Trend MicroSamuel Groß @5aelo William Bowling @wcbowling product-security@apple.com product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iTunes for Windows	<12.9	12.9
Apple iCloud for Windows	<7.7	7.7
Apple Safari	<12	12
Apple watchOS	<5	5
Apple tvOS	<12	12
Apple iOS	<12	12
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-0ubuntu0.18.04.1	2.22.2-0ubuntu0.18.04.1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
ubuntu/webkit2gtk	<2.22.0	2.22.0
ubuntu/webkit2gtk	<2.22.2-1ubuntu1	2.22.2-1ubuntu1
debian/webkit2gtk		2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.42.2-1~deb11u1 2.42.5-1~deb11u1 2.42.2-1~deb12u1 2.42.5-1~deb12u1 2.42.5-1
Apple Safari	<12
Apple iPhone OS	<12.0
Apple tvOS	<12
Apple watchOS	<5.0
Apple iCloud	<7.7
Apple iTunes	<12.9
Microsoft Windows
All of
Any of
Apple iCloud	<7.7
Apple iTunes	<12.9
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2018-4299.
What is the severity of CVE-2018-4299?
The severity of CVE-2018-4299 is high, with a CVSS score of 8.8.
Which software versions are affected by CVE-2018-4299?
Versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7 are affected by CVE-2018-4299.
How can I fix CVE-2018-4299?
To fix CVE-2018-4299, update to the latest versions of iOS, tvOS, watchOS, Safari, iTunes for Windows, and iCloud for Windows.
Where can I find more information about CVE-2018-4299?
You can find more information about CVE-2018-4299 on the Apple support website: [link](https://support.apple.com/kb/HT209106), [link](https://support.apple.com/kb/HT209107), [link](https://support.apple.com/kb/HT209108).

collector/apple-support
alias/CVE-2018-4323
alias/CVE-2018-4328
alias/CVE-2018-4358
alias/CVE-2018-4359
alias/CVE-2018-4360
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/software-canonical-lookup-request
agent/last-modified-date
agent/references
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/weakness
agent/severity
agent/author
agent/description
collector/security-tracker-debian
source/Debian
agent/tags
agent/softwarecombine
agent/event
collector/nvd-index
collector/nvd-cve
source/NVD
vendor/apple
canonical/apple itunes for windows
canonical/apple icloud for windows
canonical/apple safari
canonical/apple watchos
canonical/apple tvos
canonical/apple ios
package-manager/ubuntu
package-manager/debian
canonical/apple iphone os
canonical/apple icloud
canonical/apple itunes
vendor/microsoft
canonical/microsoft windows