CVE-2018-4263 – Apple Safari InputType Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4263
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1, Safari en versiones anteriores a la 11.1.2, iTunes para Windows en versiones anteriores a la 12.8 y iCloud para Windows en versiones anteriores a la 7.6. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. • https://support.apple.com/kb/HT208932 https://support.apple.com/kb/HT208933 https://support.apple.com/kb/HT208934 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208938 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4284
https://notcve.org/view.php?id=CVE-2018-4284
A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Un problema de confusión de tipo se abordó con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1, watchOS en versiones anteriores a la 4.3.2, Safari en versiones anteriores a la 11.1.2, iTunes para Windows en versiones anteriores a la 12.8 y iCloud para Windows en versiones anteriores a la 7.6. • https://support.apple.com/kb/HT208932 https://support.apple.com/kb/HT208933 https://support.apple.com/kb/HT208934 https://support.apple.com/kb/HT208935 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208938 • CWE-704: Incorrect Type Conversion or Cast •
CVE-2018-4267 – Apple Safari HTMLFormElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4267
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Se abordaron múltiples problemas de corrupción de memoria con una gestión de memoria mejorada. El problema afectaba a iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1, Safari en versiones anteriores a la 11.1.2, iTunes para Windows en versiones anteriores a la 12.8 y iCloud para Windows en versiones anteriores a la 7.6. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. • https://support.apple.com/kb/HT208932 https://support.apple.com/kb/HT208933 https://support.apple.com/kb/HT208934 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208938 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4282
https://notcve.org/view.php?id=CVE-2018-4282
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2. Existía un problema de lectura fuera de límites que conducía a la divulgación de memoria del kernel. Este problema se abordó con una validación de entradas mejorada. • https://support.apple.com/kb/HT208935 https://support.apple.com/kb/HT208936 https://support.apple.com/kb/HT208938 • CWE-125: Out-of-bounds Read •
CVE-2018-4262 – Apple Safari RegExp Exec Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4262
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. En Safari en versiones anteriores a la 11.1.2, iTunes en versiones anteriores a la 12.8 para Windows, iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1 e iCloud para Windows en versiones anteriores a la 7.6, se abordaron múltiples problemas de corrupción de memoria mediante la mejora de la gestión de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RegExp's exec method in JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. • http://www.securitytracker.com/id/1041232 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208934%2C https://support.apple.com/HT208935 https://support.apple.com/HT208938%2C https://usn.ubuntu.com/3743-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •