CVE-2018-4441: Buffer Overflow
First published: Wed Dec 05 2018(Updated: )
WebKit. A memory corruption issue was addressed with improved memory handling.
Credit: lokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zerolokihardt Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iCloud for Windows | <7.9 | 7.9 |
| Apple iTunes for Windows | <12.9.2 | 12.9.2 |
| Apple Safari | <12.0.2 | 12.0.2 |
| Apple watchOS | <5.1.2 | 5.1.2 |
| Apple tvOS | <12.1.1 | 12.1.1 |
| Apple iOS | <12.1.1 | 12.1.1 |
| Apple Safari | <12.0.2 | |
| Apple iPhone OS | <12.1.1 | |
| Apple tvOS | <12.1.1 | |
| Apple watchOS | <5.1.2 | |
| Apple iCloud | <7.9 | |
| Apple iTunes | <12.9.2 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209340 (Advisory)
- https://support.apple.com/en-us/HT209342 (Advisory)
- https://support.apple.com/en-us/HT209343 (Advisory)
- https://support.apple.com/en-us/HT209344 (Advisory)
- https://support.apple.com/en-us/HT209345 (Advisory)
- https://support.apple.com/en-us/HT209346 (Advisory)
- https://support.apple.com/kb/HT209340
- https://support.apple.com/kb/HT209342
- https://support.apple.com/kb/HT209343
- https://support.apple.com/kb/HT209344
- https://support.apple.com/kb/HT209345
- https://support.apple.com/kb/HT209346
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4440
- CVE-2018-4439
- CVE-2018-4437
- CVE-2018-4464
- CVE-2018-4441
- CVE-2018-4442
- CVE-2018-4443
- CVE-2018-4438
- CVE-2018-4444
- CVE-2018-4445
- CVE-2018-4303
- CVE-2018-4427
- CVE-2018-4431
- CVE-2018-4448
- CVE-2018-4460
- CVE-2018-4447
- CVE-2018-4435
- CVE-2018-4461
- CVE-2018-4429
- CVE-2018-4436
- CVE-2018-4465
- CVE-2018-4430
- CVE-2018-4446
- CVE-2018-4428
Frequently Asked Questions
What is CVE-2018-4441?
CVE-2018-4441 is a memory corruption issue in WebKit that has been addressed with improved memory handling.
Which versions are affected by CVE-2018-4441?
CVE-2018-4441 affects versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, and iCloud for Windows 7.9.
How can CVE-2018-4441 be exploited?
CVE-2018-4441 can be exploited through a memory corruption attack in WebKit.
What is the severity of CVE-2018-4441?
CVE-2018-4441 has a severity rating of 8.8 (high).
How do I mitigate CVE-2018-4441?
To mitigate CVE-2018-4441, update to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, or iCloud for Windows 7.9.
- collector/apple-support
- alias/CVE-2018-4442
- alias/CVE-2018-4443
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/software-canonical-lookup-request
- agent/event
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- collector/nvd-index
- vendor/apple
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- canonical/apple safari
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple iphone os
- canonical/apple icloud
- canonical/apple itunes
- vendor/microsoft
- canonical/microsoft windows