CVE-2018-4210
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
En iOS en versiones anteriores a la 11.3, Safari en versiones anteriores a la 11.1, tvOS en versiones anteriores a la 11.3, watchOS en versiones anteriores a la 4.3 e iTunes en versiones anteriores a la 12.7.4 para Windows, existía un problema de indexación de arrays en el manejo de una función en el núcleo de JavaScript. Este problema se abordó mediante la mejora de las comprobaciones.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-02 CVE Reserved
- 2018-10-01 CVE Published
- 2024-06-03 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-129: Improper Validation of Array Index
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://support.apple.com/HT208693%2C | X_refsource_misc |
|
| https://support.apple.com/HT208694%2C | X_refsource_misc |
|
| https://support.apple.com/HT208695%2C | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201812-04 | 2023-11-07 | |
| https://support.apple.com/HT208698 | 2023-11-07 | |
| https://usn.ubuntu.com/3781-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Itunes Search vendor "Apple" for product "Itunes" | < 12.7.4 Search vendor "Apple" for product "Itunes" and version " < 12.7.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | < 11.1 Search vendor "Apple" for product "Safari" and version " < 11.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 11.3 Search vendor "Apple" for product "Iphone Os" and version " < 11.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Tvos Search vendor "Apple" for product "Tvos" | < 11.3 Search vendor "Apple" for product "Tvos" and version " < 11.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 4.3 Search vendor "Apple" for product "Watchos" and version " < 4.3" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Webkitgtk Search vendor "Webkitgtk" | Webkitgtk\+ Search vendor "Webkitgtk" for product "Webkitgtk\+" | < 2.22.0 Search vendor "Webkitgtk" for product "Webkitgtk\+" and version " < 2.22.0" | - |
Affected
| ||||||