What is CVE-2018-4474?

CVE-2018-4474 is a vulnerability in WebKit that allows for a memory consumption issue, which can result in an ASSERT failure.

What is the severity of CVE-2018-4474?

The severity of CVE-2018-4474 is high, with a CVSS score of 7.5.

Which software versions are affected by CVE-2018-4474?

CVE-2018-4474 affects Safari version up to exclusive 12, tvOS version up to exclusive 12, iOS version up to exclusive 12, iTunes for Windows version up to exclusive 12.9, and iCloud for Windows version up to exclusive 7.7.

Where can I find more information about CVE-2018-4474?

You can find more information about CVE-2018-4474 on the Apple support website at the following links: [link1](https://support.apple.com/en-us/HT209109), [link2](https://support.apple.com/en-us/HT209107), [link3](https://support.apple.com/en-us/HT209106).

Vulnerability/
CVE-2018-4474

high

7.5

CWE

400

12/9/2018

27/10/2020

5/8/2024

CVE-2018-4474

Q: How can I fix CVE-2018-4474?

To fix CVE-2018-4474, update to iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12, or a later version.

First published: Wed Sep 12 2018(Updated: )

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.

Credit: found by OSS-Fuzz product-security@apple.com

Affected Software	Affected Version	How to fix
tvOS	<12	12
Apple Mobile Safari	<12	12
Apple iCloud for Windows	<7.7
Apple iTunes for Windows	<12.9
Apple Mobile Safari	<12
iOS	<12.0
tvOS	<12
Apple iOS, iPadOS, and watchOS	<5.0
Apple iOS, iPadOS, and watchOS	<12	12
Apple iOS, iPadOS, and watchOS	<5	5
Apple iCloud	<7.7	7.7
Apple iTunes	<12.9	12.9

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT209106 (Advisory)
https://support.apple.com/en-us/HT209107 (Advisory)
https://support.apple.com/en-us/HT209108 (Advisory)
https://support.apple.com/en-us/HT209109 (Advisory)
https://support.apple.com/en-us/HT209140 (Advisory)
https://support.apple.com/en-us/HT209141 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2018-4474?
CVE-2018-4474 is a vulnerability in WebKit that allows for a memory consumption issue, which can result in an ASSERT failure.
What is the severity of CVE-2018-4474?
The severity of CVE-2018-4474 is high, with a CVSS score of 7.5.
Which software versions are affected by CVE-2018-4474?
CVE-2018-4474 affects Safari version up to exclusive 12, tvOS version up to exclusive 12, iOS version up to exclusive 12, iTunes for Windows version up to exclusive 12.9, and iCloud for Windows version up to exclusive 7.7.
How can I fix CVE-2018-4474?
To fix CVE-2018-4474, update to iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12, or a later version.
Where can I find more information about CVE-2018-4474?
You can find more information about CVE-2018-4474 on the Apple support website at the following links: [link1](https://support.apple.com/en-us/HT209109), [link2](https://support.apple.com/en-us/HT209107), [link3](https://support.apple.com/en-us/HT209106).

agent/references
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/apple-support
alias/CVE-2018-4474
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/apple
canonical/tvos
canonical/apple mobile safari
canonical/apple icloud for windows
canonical/apple itunes for windows
canonical/ios
canonical/apple ios, ipados, and watchos
canonical/apple icloud
canonical/apple itunes