CVE-2018-4233 – Apple Safari CreateThis Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4233
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • https://www.exploit-db.com/exploits/45998 http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html http://www.securitytracker.com/id/1041029 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 https://usn.ubuntu.com/3687-1 https://github.com/sa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4190
https://notcve.org/view.php?id=CVE-2018-4190
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. Se ha descubierto un problema en algunos productos Apple. • http://www.securitytracker.com/id/1041029 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 https://usn.ubuntu.com/3687-1 • CWE-522: Insufficiently Protected Credentials •
CVE-2018-4246
https://notcve.org/view.php?id=CVE-2018-4246
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion. Se ha descubierto un problema en algunos productos Apple. • http://www.securitytracker.com/id/1041029 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 https://usn.ubuntu.com/3743-1 • CWE-704: Incorrect Type Conversion or Cast •
CVE-2018-4201
https://notcve.org/view.php?id=CVE-2018-4201
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • http://www.securitytracker.com/id/1041029 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-4222 – WebKit - WebAssembly Compilation Info Leak
https://notcve.org/view.php?id=CVE-2018-4222
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. Se ha descubierto un problema en algunos productos Apple. • https://www.exploit-db.com/exploits/44859 http://www.securitytracker.com/id/1041029 https://bugs.chromium.org/p/project-zero/issues/detail?id=1545 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208848 https://support.apple.com/HT208850 https://support.apple.com/HT208851 https://support.apple.com/HT208852 https://support.apple.com/HT208853 https://support.apple.com/HT208854 https://usn.ubuntu.com/3687-1 • CWE-125: Out-of-bounds Read •