Vulnerability Details : CVE-2018-4213
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
Vulnerability category: Input validation
Products affected by CVE-2018-4213
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-4213
0.72%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-4213
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-4213
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-4213
-
https://support.apple.com/HT208695,
Page Not Found - Official Apple SupportBroken Link;Vendor Advisory
-
https://security.gentoo.org/glsa/201812-04
WebkitGTK+: Multiple vulnerabilities (GLSA 201812-04) — Gentoo securityThird Party Advisory
-
https://support.apple.com/HT208693,https://support.apple.com/HT208698,
Page Not Found - Official Apple SupportBroken Link;Not Applicable;Vendor Advisory
-
https://usn.ubuntu.com/3781-1/
USN-3781-1: WebKitGTK+ vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://support.apple.com/HT208697,
Page Not Found - Official Apple SupportBroken Link;Vendor Advisory
-
https://support.apple.com/HT208694
About the security content of iTunes 12.7.4 for Windows - Apple SupportVendor Advisory
-
https://support.apple.com/HT208696,
Page Not Found - Official Apple SupportBroken Link;Vendor Advisory
Jump to