Remote Code Execution Vulnerability in Apple iOS, macOS, and Safari Products
CVE-2018-4088

8.8HIGH

Key Information:

Vendor
Apple
Status
iPhone OS
Mac Os X
Apple Tv
Watch OS
Vendor
CVE Published:
3 April 2018

Summary

A vulnerability in the WebKit component of various Apple products allows remote attackers to execute arbitrary code or induce denial of service through specially crafted websites, affecting iOS, macOS, Safari, iCloud for Windows, iTunes for Windows, tvOS, and watchOS. Proper mitigation is crucial for protecting user data and system integrity.

References

https://support.apple.com/HT208462
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040266
vdb-entryx_refsource_SECTRACK
https://support.apple.com/HT208465
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.