openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68)

2019-01-22T00:00:00

Description

This update for webkit2gtk3 to version 2.22.4 fixes the following issues : Security issues fixed : CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update update project.

{"id": "OPENSUSE-2019-68.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68)", "description": "This update for webkit2gtk3 to version 2.22.4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update update project.", "published": "2019-01-22T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/121291", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4209", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4299", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4392", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4358", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4373", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4267", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4212", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4263", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4378", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4191", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4316", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4273", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4361", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4197", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4264", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4315", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4207", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4314", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4262", "https://bugzilla.opensuse.org/show_bug.cgi?id=1116998", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4213", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4318", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4359", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4208", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4382", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4319", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4309", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4386", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4210", "https://bugzilla.opensuse.org/show_bug.cgi?id=1110279", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4317", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4270", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4312", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4261", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4328", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4323", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4278", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4284", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4345", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4372", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4376", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4375", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4416", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4266", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4306", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4272"], "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "immutableFields": [], "lastseen": "2022-06-16T16:11:04", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "apple", "idList": ["APPLE:17C608E2C103690298834FEC459F2960", "APPLE:34416127035F64778C9F3F0EB9CDBC11", "APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:4F18D4C9912459DD113CA737563EA768", "APPLE:4FFA75364DF223AAC40258980F223476", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:73540310153AD01F113FB2799B0DF642", "APPLE:77097C057D2AD63B16D78754E8FA3E5D", "APPLE:7DF25A6F86C7BE97C428879F39374B4D", "APPLE:80F205F5E8A723A8899FE7CE7D761778", "APPLE:8C49A1E8A033BC61B2EB11E42BABEFC6", "APPLE:8CB247B18F47EA0CF69B5669B06D8473", "APPLE:95BC210DA5C57E5032BDB392962096A3", "APPLE:96590006FAF6A64CD43D6AC6A40145E8", "APPLE:AB25A7A64582170A3171E4E960BCF621", "APPLE:B349435C870C5C95E8A00FFC3E3E648E", "APPLE:B4A175C182756FCB9C8C7BC8F7CC89F0", "APPLE:C4141CDD7926D4083DD6196FC2A479C0", "APPLE:D17905765727DBA1F818A539B231771B", "APPLE:DAAD09F066E4072297938AF9D44AFD8C", "APPLE:E6562A443B7DE882FE6DB7BD64EBE1E5", "APPLE:F52BBE9E38D36E50FE361A61D2A33D59", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:F907B2739AEB3011F5D0E50C8CB626CC", "APPLE:HT208693", "APPLE:HT208694", "APPLE:HT208695", "APPLE:HT208696", "APPLE:HT208697", "APPLE:HT208698", "APPLE:HT208932", "APPLE:HT208933", "APPLE:HT208934", "APPLE:HT208935", "APPLE:HT208936", "APPLE:HT208938", "APPLE:HT209106", "APPLE:HT209107", "APPLE:HT209108", "APPLE:HT209109", "APPLE:HT209140", "APPLE:HT209141", "APPLE:HT209192", "APPLE:HT209194", "APPLE:HT209195", "APPLE:HT209196", "APPLE:HT209197", "APPLE:HT209198"]}, {"type": "archlinux", "idList": ["ASA-201811-20"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-1001", "CPAI-2018-1002", "CPAI-2018-1003", "CPAI-2018-1004", "CPAI-2018-1005", "CPAI-2018-1006", "CPAI-2018-1013", "CPAI-2018-1014", "CPAI-2018-1015", "CPAI-2018-1407", "CPAI-2018-1413"]}, {"type": "cve", "idList": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-4191", "DEBIANCVE:CVE-2018-4197", "DEBIANCVE:CVE-2018-4207", "DEBIANCVE:CVE-2018-4208", "DEBIANCVE:CVE-2018-4209", "DEBIANCVE:CVE-2018-4210", "DEBIANCVE:CVE-2018-4212", "DEBIANCVE:CVE-2018-4213", "DEBIANCVE:CVE-2018-4261", "DEBIANCVE:CVE-2018-4262", "DEBIANCVE:CVE-2018-4263", "DEBIANCVE:CVE-2018-4264", "DEBIANCVE:CVE-2018-4265", "DEBIANCVE:CVE-2018-4266", "DEBIANCVE:CVE-2018-4267", "DEBIANCVE:CVE-2018-4270", "DEBIANCVE:CVE-2018-4272", "DEBIANCVE:CVE-2018-4273", "DEBIANCVE:CVE-2018-4278", "DEBIANCVE:CVE-2018-4284", "DEBIANCVE:CVE-2018-4299", "DEBIANCVE:CVE-2018-4306", "DEBIANCVE:CVE-2018-4309", "DEBIANCVE:CVE-2018-4312", "DEBIANCVE:CVE-2018-4314", "DEBIANCVE:CVE-2018-4315", "DEBIANCVE:CVE-2018-4316", "DEBIANCVE:CVE-2018-4317", "DEBIANCVE:CVE-2018-4318", "DEBIANCVE:CVE-2018-4319", "DEBIANCVE:CVE-2018-4323", "DEBIANCVE:CVE-2018-4328", "DEBIANCVE:CVE-2018-4345", "DEBIANCVE:CVE-2018-4358", "DEBIANCVE:CVE-2018-4359", "DEBIANCVE:CVE-2018-4361", "DEBIANCVE:CVE-2018-4372", "DEBIANCVE:CVE-2018-4373", "DEBIANCVE:CVE-2018-4375", "DEBIANCVE:CVE-2018-4376", "DEBIANCVE:CVE-2018-4378", "DEBIANCVE:CVE-2018-4382", "DEBIANCVE:CVE-2018-4386", "DEBIANCVE:CVE-2018-4392", "DEBIANCVE:CVE-2018-4416"]}, {"type": "exploitdb", "idList": ["EDB-ID:47893"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C55E66DF7486CB202C70C12E1BF93271"]}, {"type": "fedora", "idList": ["FEDORA:D4D3C619EB1C", "FEDORA:F2883601C687"]}, {"type": "gentoo", "idList": ["GLSA-201808-04", "GLSA-201812-04"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3CA4D30640364D41657F0CD0BDC069DE"]}, {"type": "kaspersky", "idList": ["KLA11281", "KLA11292", "KLA11323", "KLA11343"]}, {"type": "kitploit", "idList": ["KITPLOIT:8766743662298222785"]}, {"type": "mageia", "idList": ["MGASA-2018-0382"]}, {"type": "nessus", "idList": ["700504.PRM", "700505.PRM", "700506.PRM", "700551.PRM", "700552.PRM", "700554.PRM", "APPLETV_11_4_1.NASL", "APPLETV_12_1.NASL", "APPLE_IOS_113_CHECK.NBIN", "APPLE_IOS_1141_CHECK.NBIN", "APPLE_IOS_120_CHECK.NBIN", "APPLE_IOS_121_CHECK.NBIN", "FEDORA_2018-509FC4A5C8.NASL", "FEDORA_2018-A1F37D2F08.NASL", "GENTOO_GLSA-201808-04.NASL", "GENTOO_GLSA-201812-04.NASL", "ITUNES_12_8.NASL", "ITUNES_12_8_BANNER.NASL", "ITUNES_12_9.NASL", "ITUNES_12_9_1.NASL", "ITUNES_12_9_1_BANNER.NASL", "ITUNES_12_9_BANNER.NASL", "MACOSX_SAFARI11_1_0.NASL", "MACOSX_SAFARI11_1_2.NASL", "MACOSX_SAFARI12.NASL", "MACOSX_SAFARI12_0_1.NASL", "OPENSUSE-2018-1025.NASL", "OPENSUSE-2019-705.NASL", "OPENSUSE-2019-81.NASL", "SUSE_SU-2018-2752-1.NASL", "SUSE_SU-2019-0059-1.NASL", "SUSE_SU-2019-0092-1.NASL", "UBUNTU_USN-3743-1.NASL", "UBUNTU_USN-3781-1.NASL", "UBUNTU_USN-3828-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813558", "OPENVAS:1361412562310813559", "OPENVAS:1361412562310813633", "OPENVAS:1361412562310814073", "OPENVAS:1361412562310814149", "OPENVAS:1361412562310814308", "OPENVAS:1361412562310814320", "OPENVAS:1361412562310814321", "OPENVAS:1361412562310843618", "OPENVAS:1361412562310843650", "OPENVAS:1361412562310843832", "OPENVAS:1361412562310852082", "OPENVAS:1361412562310852248", "OPENVAS:1361412562310875293", "OPENVAS:1361412562310876142"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149547", "PACKETSTORM:149548", "PACKETSTORM:149549", "PACKETSTORM:149550", "PACKETSTORM:149551", "PACKETSTORM:149552", "PACKETSTORM:149553", "PACKETSTORM:149554", "PACKETSTORM:149555", "PACKETSTORM:150528", "PACKETSTORM:150529", "PACKETSTORM:150531", "PACKETSTORM:155871"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2781-1", "OPENSUSE-SU-2019:0068-1", "OPENSUSE-SU-2019:0081-1"]}, {"type": "ubuntu", "idList": ["USN-3743-1", "USN-3781-1", "USN-3828-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4191", "UB:CVE-2018-4197", "UB:CVE-2018-4207", "UB:CVE-2018-4208", "UB:CVE-2018-4209", "UB:CVE-2018-4210", "UB:CVE-2018-4212", "UB:CVE-2018-4213", "UB:CVE-2018-4261", "UB:CVE-2018-4262", "UB:CVE-2018-4263", "UB:CVE-2018-4264", "UB:CVE-2018-4265", "UB:CVE-2018-4266", "UB:CVE-2018-4267", "UB:CVE-2018-4270", "UB:CVE-2018-4272", "UB:CVE-2018-4273", "UB:CVE-2018-4278", "UB:CVE-2018-4284", "UB:CVE-2018-4299", "UB:CVE-2018-4306", "UB:CVE-2018-4309", "UB:CVE-2018-4312", "UB:CVE-2018-4314", "UB:CVE-2018-4315", "UB:CVE-2018-4316", "UB:CVE-2018-4317", "UB:CVE-2018-4318", "UB:CVE-2018-4319", "UB:CVE-2018-4323", "UB:CVE-2018-4328", "UB:CVE-2018-4345", "UB:CVE-2018-4358", "UB:CVE-2018-4359", "UB:CVE-2018-4361", "UB:CVE-2018-4372", "UB:CVE-2018-4373", "UB:CVE-2018-4375", "UB:CVE-2018-4376", "UB:CVE-2018-4378", "UB:CVE-2018-4382", "UB:CVE-2018-4386", "UB:CVE-2018-4392", "UB:CVE-2018-4416"]}, {"type": "zdi", "idList": ["ZDI-18-1081", "ZDI-18-1082", "ZDI-18-1083", "ZDI-18-1323", "ZDI-18-1332", "ZDI-18-1335", "ZDI-18-601", "ZDI-18-603", "ZDI-18-604", "ZDI-18-605", "ZDI-18-606"]}, {"type": "zdt", "idList": ["1337DAY-ID-31202", "1337DAY-ID-31203", "1337DAY-ID-31204", "1337DAY-ID-31205", "1337DAY-ID-31206", "1337DAY-ID-31207", "1337DAY-ID-31208", "1337DAY-ID-31209", "1337DAY-ID-31210", "1337DAY-ID-31696", "1337DAY-ID-31697", "1337DAY-ID-31698", "1337DAY-ID-33755"]}]}, "score": {"value": -0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "apple", "idList": ["APPLE:17C608E2C103690298834FEC459F2960", "APPLE:34416127035F64778C9F3F0EB9CDBC11", "APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:4FFA75364DF223AAC40258980F223476", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:73540310153AD01F113FB2799B0DF642", "APPLE:77097C057D2AD63B16D78754E8FA3E5D", "APPLE:7DF25A6F86C7BE97C428879F39374B4D", "APPLE:80F205F5E8A723A8899FE7CE7D761778", "APPLE:8C49A1E8A033BC61B2EB11E42BABEFC6", "APPLE:8CB247B18F47EA0CF69B5669B06D8473", "APPLE:96590006FAF6A64CD43D6AC6A40145E8", "APPLE:AB25A7A64582170A3171E4E960BCF621", "APPLE:B349435C870C5C95E8A00FFC3E3E648E", "APPLE:B4A175C182756FCB9C8C7BC8F7CC89F0", "APPLE:C4141CDD7926D4083DD6196FC2A479C0", "APPLE:D17905765727DBA1F818A539B231771B", "APPLE:DAAD09F066E4072297938AF9D44AFD8C", "APPLE:F52BBE9E38D36E50FE361A61D2A33D59", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:F907B2739AEB3011F5D0E50C8CB626CC", "APPLE:HT208693", "APPLE:HT208694", "APPLE:HT208695", "APPLE:HT208696", "APPLE:HT208697", "APPLE:HT208698", "APPLE:HT208932", "APPLE:HT208933", "APPLE:HT208934", "APPLE:HT208935", "APPLE:HT208936", "APPLE:HT208938", "APPLE:HT209109", "APPLE:HT209140", "APPLE:HT209141", "APPLE:HT209192", "APPLE:HT209194", "APPLE:HT209195", "APPLE:HT209196", "APPLE:HT209197", "APPLE:HT209198"]}, {"type": "archlinux", "idList": ["ASA-201811-20"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-1001", "CPAI-2018-1002", "CPAI-2018-1003", "CPAI-2018-1004", "CPAI-2018-1005", "CPAI-2018-1006", "CPAI-2018-1013", "CPAI-2018-1014", "CPAI-2018-1015", "CPAI-2018-1407", "CPAI-2018-1413"]}, {"type": "cve", "idList": ["CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4262", "CVE-2018-4278"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-4191", "DEBIANCVE:CVE-2018-4197", "DEBIANCVE:CVE-2018-4207", "DEBIANCVE:CVE-2018-4208", "DEBIANCVE:CVE-2018-4209", "DEBIANCVE:CVE-2018-4210", "DEBIANCVE:CVE-2018-4212", "DEBIANCVE:CVE-2018-4213", "DEBIANCVE:CVE-2018-4261", "DEBIANCVE:CVE-2018-4262", "DEBIANCVE:CVE-2018-4263", "DEBIANCVE:CVE-2018-4264", "DEBIANCVE:CVE-2018-4265", "DEBIANCVE:CVE-2018-4266", "DEBIANCVE:CVE-2018-4267", "DEBIANCVE:CVE-2018-4270", "DEBIANCVE:CVE-2018-4272", "DEBIANCVE:CVE-2018-4273", "DEBIANCVE:CVE-2018-4278", "DEBIANCVE:CVE-2018-4284", "DEBIANCVE:CVE-2018-4299", "DEBIANCVE:CVE-2018-4306", "DEBIANCVE:CVE-2018-4309", "DEBIANCVE:CVE-2018-4312", "DEBIANCVE:CVE-2018-4314", "DEBIANCVE:CVE-2018-4315", "DEBIANCVE:CVE-2018-4316", "DEBIANCVE:CVE-2018-4317", "DEBIANCVE:CVE-2018-4318", "DEBIANCVE:CVE-2018-4319", "DEBIANCVE:CVE-2018-4323", "DEBIANCVE:CVE-2018-4328", "DEBIANCVE:CVE-2018-4345", "DEBIANCVE:CVE-2018-4358", "DEBIANCVE:CVE-2018-4359", "DEBIANCVE:CVE-2018-4361", "DEBIANCVE:CVE-2018-4372", "DEBIANCVE:CVE-2018-4373", "DEBIANCVE:CVE-2018-4375", "DEBIANCVE:CVE-2018-4376", "DEBIANCVE:CVE-2018-4378", "DEBIANCVE:CVE-2018-4382", "DEBIANCVE:CVE-2018-4386", "DEBIANCVE:CVE-2018-4392", "DEBIANCVE:CVE-2018-4416"]}, {"type": "exploitdb", "idList": ["EDB-ID:47893"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C55E66DF7486CB202C70C12E1BF93271"]}, {"type": "fedora", "idList": ["FEDORA:D4D3C619EB1C", "FEDORA:F2883601C687"]}, {"type": "gentoo", "idList": ["GLSA-201808-04"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3CA4D30640364D41657F0CD0BDC069DE"]}, {"type": "kaspersky", "idList": ["KLA11281", "KLA11323"]}, {"type": "kitploit", "idList": ["KITPLOIT:8766743662298222785"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-ITUNES-CVE-2018-4265/"]}, {"type": "nessus", "idList": ["APPLETV_11_4_1.NASL", "FEDORA_2018-509FC4A5C8.NASL", "FEDORA_2018-A1F37D2F08.NASL", "GENTOO_GLSA-201808-04.NASL", "ITUNES_12_8.NASL", "ITUNES_12_9.NASL", "MACOSX_SAFARI11_1_0.NASL", "MACOSX_SAFARI11_1_2.NASL", "MACOSX_SAFARI12.NASL", "OPENSUSE-2018-1025.NASL", "SUSE_SU-2018-2752-1.NASL", "SUSE_SU-2019-0059-1.NASL", "SUSE_SU-2019-0092-1.NASL", "UBUNTU_USN-3743-1.NASL", "UBUNTU_USN-3781-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813558", "OPENVAS:1361412562310813559", "OPENVAS:1361412562310813633"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149547", "PACKETSTORM:149548", "PACKETSTORM:149549", "PACKETSTORM:149550", "PACKETSTORM:149551", "PACKETSTORM:149552", "PACKETSTORM:149553", "PACKETSTORM:149554", "PACKETSTORM:149555", "PACKETSTORM:155871"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2781-1"]}, {"type": "ubuntu", "idList": ["USN-3743-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4191", "UB:CVE-2018-4197", "UB:CVE-2018-4207", "UB:CVE-2018-4208", "UB:CVE-2018-4209", "UB:CVE-2018-4210", "UB:CVE-2018-4212", "UB:CVE-2018-4213", "UB:CVE-2018-4261", "UB:CVE-2018-4262", "UB:CVE-2018-4263", "UB:CVE-2018-4264", "UB:CVE-2018-4265", "UB:CVE-2018-4266", "UB:CVE-2018-4267", "UB:CVE-2018-4270", "UB:CVE-2018-4272", "UB:CVE-2018-4273", "UB:CVE-2018-4278", "UB:CVE-2018-4284", "UB:CVE-2018-4299", "UB:CVE-2018-4306", "UB:CVE-2018-4309", "UB:CVE-2018-4312", "UB:CVE-2018-4314", "UB:CVE-2018-4315", "UB:CVE-2018-4316", "UB:CVE-2018-4317", "UB:CVE-2018-4318", "UB:CVE-2018-4319", "UB:CVE-2018-4323", "UB:CVE-2018-4328", "UB:CVE-2018-4345", "UB:CVE-2018-4358", "UB:CVE-2018-4359", "UB:CVE-2018-4361", "UB:CVE-2018-4372", "UB:CVE-2018-4373", "UB:CVE-2018-4375", "UB:CVE-2018-4376", "UB:CVE-2018-4378", "UB:CVE-2018-4382", "UB:CVE-2018-4386", "UB:CVE-2018-4392", "UB:CVE-2018-4416"]}, {"type": "zdi", "idList": ["ZDI-18-1082", "ZDI-18-1332", "ZDI-18-1335", "ZDI-18-601", "ZDI-18-603", "ZDI-18-604"]}, {"type": "zdt", "idList": ["1337DAY-ID-31202", "1337DAY-ID-31203", "1337DAY-ID-31204", "1337DAY-ID-31205", "1337DAY-ID-31206", "1337DAY-ID-31207", "1337DAY-ID-31208", "1337DAY-ID-31209", "1337DAY-ID-31210", "1337DAY-ID-33755"]}]}, "exploitation": null, "vulnersScore": -0.5}, "_state": {"dependencies": 1659980328, "score": 1659956764}, "_internal": {"score_hash": "85702c0f730fd8dfabaec4fcf8da12aa"}, "pluginID": "121291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-68.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121291);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68)\");\n script_summary(english:\"Check for the openSUSE-2019-68 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.22.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\nCVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372,\nCVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\nCVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279,\nbsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update\nupdate project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.22.4-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "solution": "Update the affected webkit2gtk3 packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2019-01-21T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"nessus": [{"lastseen": "2022-06-16T16:14:04", "description": "This update for webkit2gtk3 to version 2.22.4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0059-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0059-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0059-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0059-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\nCVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372,\nCVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\nCVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279,\nbsc#1116998).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4262/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4263/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4266/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4273/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4284/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4306/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4328/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4416/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190059-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?987bc725\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-59=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-59=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-59=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-59=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:47", "description": "The remote host is affected by the vulnerability described in GLSA-201812-04 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-03T00:00:00", "type": "nessus", "title": "GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-04-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201812-04.NASL", "href": "https://www.tenable.com/plugins/nessus/119323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201812-04.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119323);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/30 14:30:16\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_xref(name:\"GLSA\", value:\"201812-04\");\n\n script_name(english:\"GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201812-04\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could execute arbitrary commands or cause a Denial of\n Service condition via maliciously crafted web content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201812-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.22.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.22.0\"), vulnerable:make_list(\"lt 2.22.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:50", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : webkit2gtk vulnerabilities (USN-3781-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3781-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3781-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117914);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_xref(name:\"USN\", value:\"3781-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : webkit2gtk vulnerabilities (USN-3781-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3781-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.22.2-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.22.2-0ubuntu0.18.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:31", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/117879", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117879);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4191\",\n \"CVE-2018-4197\",\n \"CVE-2018-4299\",\n \"CVE-2018-4306\",\n \"CVE-2018-4309\",\n \"CVE-2018-4311\",\n \"CVE-2018-4312\",\n \"CVE-2018-4314\",\n \"CVE-2018-4315\",\n \"CVE-2018-4316\",\n \"CVE-2018-4317\",\n \"CVE-2018-4318\",\n \"CVE-2018-4319\",\n \"CVE-2018-4323\",\n \"CVE-2018-4328\",\n \"CVE-2018-4345\",\n \"CVE-2018-4358\",\n \"CVE-2018-4359\",\n \"CVE-2018-4361\"\n );\n\n script_name(english:\"Apple iTunes < 12.9 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4361\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"installed_sw/iTunes DAAP\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\n\napp = 'iTunes DAAP';\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\napp_info = vcf::get_app_info(app:app, port:port);\nif (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');\n\nconstraints = [{'fixed_version':'12.9'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:44", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9.NASL", "href": "https://www.tenable.com/plugins/nessus/117880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117880);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4191\",\n \"CVE-2018-4197\",\n \"CVE-2018-4299\",\n \"CVE-2018-4306\",\n \"CVE-2018-4309\",\n \"CVE-2018-4311\",\n \"CVE-2018-4312\",\n \"CVE-2018-4314\",\n \"CVE-2018-4315\",\n \"CVE-2018-4316\",\n \"CVE-2018-4317\",\n \"CVE-2018-4318\",\n \"CVE-2018-4319\",\n \"CVE-2018-4323\",\n \"CVE-2018-4328\",\n \"CVE-2018-4345\",\n \"CVE-2018-4358\",\n \"CVE-2018-4359\",\n \"CVE-2018-4361\"\n );\n\n script_name(english:\"Apple iTunes < 12.9 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9. It is, therefore, affected by multiple vulnerabilities \nas referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4361\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.9\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:11:21", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-02-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0092-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0092-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121206);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/10\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\nCVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\nCVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\nCVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\nCVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\nCVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\nCVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\nCVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\nbsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4162/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4306/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4328/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190092-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c8c2c8c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-92=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-92=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-92=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:14:40", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-81.NASL", "href": "https://www.tenable.com/plugins/nessus/121339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-81.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121339);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)\");\n script_summary(english:\"Check for the openSUSE-2019-81 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386,\n CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,\n CVE-2018-4382, CVE-2018-4392, CVE-2018-4416,\n CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312,\n CVE-2018-4314, CVE-2018-4315, CVE-2018-4316,\n CVE-2018-4317, CVE-2018-4318, CVE-2018-4319,\n CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373,\n CVE-2018-4162, CVE-2018-4163, CVE-2018-4165,\n CVE-2018-11713, CVE-2018-4207, CVE-2018-4208,\n CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438,\n CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\n CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:13", "description": "The version of Apple Safari installed on the remote host is prior to 12. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4311", "CVE-2018-4195", "CVE-2018-4307", "CVE-2018-4360", "CVE-2018-4329"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700505.PRM", "href": "https://www.tenable.com/plugins/nnm/700505", "sourceData": "Binary data 700505.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:07", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-09-20T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4195", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI12.NASL", "href": "https://www.tenable.com/plugins/nessus/117617", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117617);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4191\",\n \"CVE-2018-4195\",\n \"CVE-2018-4197\",\n \"CVE-2018-4299\",\n \"CVE-2018-4306\",\n \"CVE-2018-4307\",\n \"CVE-2018-4309\",\n \"CVE-2018-4311\",\n \"CVE-2018-4312\",\n \"CVE-2018-4314\",\n \"CVE-2018-4315\",\n \"CVE-2018-4316\",\n \"CVE-2018-4317\",\n \"CVE-2018-4318\",\n \"CVE-2018-4319\",\n \"CVE-2018-4323\",\n \"CVE-2018-4328\",\n \"CVE-2018-4329\",\n \"CVE-2018-4345\",\n \"CVE-2018-4358\",\n \"CVE-2018-4359\",\n \"CVE-2018-4360\",\n \"CVE-2018-4361\"\n );\n\n script_name(english:\"macOS : Apple Safari < 12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X \nhost is prior to 12. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209109\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4361\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(12|13)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"macOS Sierra 10.12 / macOS High Sierra 10.13\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"12.0.0\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:33", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : WebKitGTK+ vulnerabilities (USN-3743-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12911", "CVE-2018-4246", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3743-1.NASL", "href": "https://www.tenable.com/plugins/nessus/111843", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3743-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111843);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12911\", \"CVE-2018-4246\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\");\n script_xref(name:\"USN\", value:\"3743-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : WebKitGTK+ vulnerabilities (USN-3743-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3743-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.5-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.5-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.5-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.5-0ubuntu0.18.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:02", "description": "This update for webkit2gtk3 to version 2.20.5 fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999).\n\nCVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution.\nA memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation.\n\nCVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nOther bugs fixed: Fix rendering artifacts in some websites due to a bug introduced in 2.20.4.\n\nFix a crash when leaving accelerated compositing mode.\n\nFix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2752-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12911", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-2752-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2752-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120100);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-12911\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4271\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2752-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.20.5 fixes the following\nissues :\n\nSecurity issue fixed :\n\nCVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs\n(bsc#1101999).\n\nCVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264,\nCVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing\nmaliciously crafted web content may lead to arbitrary code execution.\nA memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4266: A malicious website may be able to cause a denial of\nservice. A race condition was addressed with additional validation.\n\nCVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously\ncrafted web content may lead to an unexpected application crash. A\nmemory corruption issue was addressed with improved input validation.\n\nCVE-2018-4278: A malicious website may exfiltrate audio data\ncross-origin. Sound fetched through audio elements may be exfiltrated\ncross-origin. This issue was addressed with improved audio taint\ntracking.\n\nOther bugs fixed: Fix rendering artifacts in some websites due to a\nbug introduced in 2.20.4.\n\nFix a crash when leaving accelerated compositing mode.\n\nFix non-deterministic build failure due to missing\nJavaScriptCore/JSContextRef.h.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4262/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4263/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4266/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4271/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4273/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4284/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182752-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a72486d2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2018-1921=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-1921=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.20.5-3.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.20.5-3.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:45", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.8. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208933 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.8 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_8_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/117878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117878);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4261\",\n \"CVE-2018-4262\",\n \"CVE-2018-4263\",\n \"CVE-2018-4264\",\n \"CVE-2018-4265\",\n \"CVE-2018-4266\",\n \"CVE-2018-4267\",\n \"CVE-2018-4270\",\n \"CVE-2018-4271\",\n \"CVE-2018-4272\",\n \"CVE-2018-4273\",\n \"CVE-2018-4278\",\n \"CVE-2018-4284\",\n \"CVE-2018-4293\"\n );\n script_bugtraq_id(\n 104844,\n 542127,\n 542130,\n 542207\n );\n\n script_name(english:\"Apple iTunes < 12.8 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.8. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT208933 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT208933\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.8\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:46", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.8. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208933 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-16T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.8 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2019-11-04T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_8.NASL", "href": "https://www.tenable.com/plugins/nessus/111105", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111105);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4261\",\n \"CVE-2018-4262\",\n \"CVE-2018-4263\",\n \"CVE-2018-4264\",\n \"CVE-2018-4265\",\n \"CVE-2018-4266\",\n \"CVE-2018-4267\",\n \"CVE-2018-4270\",\n \"CVE-2018-4271\",\n \"CVE-2018-4272\",\n \"CVE-2018-4273\",\n \"CVE-2018-4278\",\n \"CVE-2018-4284\",\n \"CVE-2018-4293\"\n );\n script_bugtraq_id(\n 104844,\n 542127,\n 542130,\n 542207\n );\n\n script_name(english:\"Apple iTunes < 12.8 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.8. It is, therefore, affected by multiple vulnerabilities \nas referenced in the HT208933 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT208933\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.8\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:12", "description": "This update for webkit2gtk3 to version 2.20.5 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999).\n\n - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\n - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation.\n\n - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation.\n\n - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nOther bugs fixed :\n\n - Fix rendering artifacts in some websites due to a bug introduced in 2.20.4.\n\n - Fix a crash when leaving accelerated compositing mode.\n\n - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12911", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-1025.NASL", "href": "https://www.tenable.com/plugins/nessus/117656", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1025.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117656);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12911\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4271\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1025)\");\n script_summary(english:\"Check for the openSUSE-2018-1025 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.20.5 fixes the following\nissues :\n\nSecurity issue fixed :\n\n - CVE-2018-12911: Fix off-by-one in\n xdg_mime_get_simple_globs (bsc#1101999).\n\n - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263,\n CVE-2018-4264, CVE-2018-4265, CVE-2018-4267,\n CVE-2018-4272, CVE-2018-4284: Processing maliciously\n crafted web content may lead to arbitrary code\n execution. A memory corruption issue was addressed with\n improved memory handling.\n\n - CVE-2018-4266: A malicious website may be able to cause\n a denial of service. A race condition was addressed with\n additional validation.\n\n - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing\n maliciously crafted web content may lead to an\n unexpected application crash. A memory corruption issue\n was addressed with improved input validation.\n\n - CVE-2018-4278: A malicious website may exfiltrate audio\n data cross-origin. Sound fetched through audio elements\n may be exfiltrated cross-origin. This issue was\n addressed with improved audio taint tracking.\n\nOther bugs fixed :\n\n - Fix rendering artifacts in some websites due to a bug\n introduced in 2.20.4.\n\n - Fix a crash when leaving accelerated compositing mode.\n\n - Fix non-deterministic build failure due to missing\n JavaScriptCore/JSContextRef.h.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:02", "description": "This update for webkit2gtk3 to version 2.20.5 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999).\n\n - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\n - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation.\n\n - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation.\n\n - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nOther bugs fixed :\n\n - Fix rendering artifacts in some websites due to a bug introduced in 2.20.4.\n\n - Fix a crash when leaving accelerated compositing mode.\n\n - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12911", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-705.NASL", "href": "https://www.tenable.com/plugins/nessus/123306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-705.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123306);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12911\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4271\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-705)\");\n script_summary(english:\"Check for the openSUSE-2019-705 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.20.5 fixes the following\nissues :\n\nSecurity issue fixed :\n\n - CVE-2018-12911: Fix off-by-one in\n xdg_mime_get_simple_globs (bsc#1101999).\n\n - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263,\n CVE-2018-4264, CVE-2018-4265, CVE-2018-4267,\n CVE-2018-4272, CVE-2018-4284: Processing maliciously\n crafted web content may lead to arbitrary code\n execution. A memory corruption issue was addressed with\n improved memory handling.\n\n - CVE-2018-4266: A malicious website may be able to cause\n a denial of service. A race condition was addressed with\n additional validation.\n\n - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing\n maliciously crafted web content may lead to an\n unexpected application crash. A memory corruption issue\n was addressed with improved input validation.\n\n - CVE-2018-4278: A malicious website may exfiltrate audio\n data cross-origin. Sound fetched through audio elements\n may be exfiltrated cross-origin. This issue was\n addressed with improved audio taint tracking.\n\nOther bugs fixed :\n\n - Fix rendering artifacts in some websites due to a bug\n introduced in 2.20.4.\n\n - Fix a crash when leaving accelerated compositing mode.\n\n - Fix non-deterministic build failure due to missing\n JavaScriptCore/JSContextRef.h.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.20.5-lp150.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.20.5-lp150.2.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:12", "description": "The version of Apple Safari installed on the remote host is prior to 11.1.2. It is, therefore, affected by multiple vulnerabilities as described in the HT208695 security advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 11.1.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4260", "CVE-2018-4274", "CVE-2018-4279"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700504.PRM", "href": "https://www.tenable.com/plugins/nnm/700504", "sourceData": "Binary data 700504.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:31:49", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1.2. It is, therefore, affected by multiple vulnerabilities as described in the HT208695 security advisory.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-16T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 11.1.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4260", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4274", "CVE-2018-4278", "CVE-2018-4279", "CVE-2018-4284"], "modified": "2019-11-04T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI11_1_2.NASL", "href": "https://www.tenable.com/plugins/nessus/111109", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111109);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4260\",\n \"CVE-2018-4261\",\n \"CVE-2018-4262\",\n \"CVE-2018-4263\",\n \"CVE-2018-4264\",\n \"CVE-2018-4265\",\n \"CVE-2018-4266\",\n \"CVE-2018-4267\",\n \"CVE-2018-4270\",\n \"CVE-2018-4271\",\n \"CVE-2018-4272\",\n \"CVE-2018-4273\",\n \"CVE-2018-4274\",\n \"CVE-2018-4278\",\n \"CVE-2018-4279\",\n \"CVE-2018-4284\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-7-9-5\");\n\n script_name(english:\"macOS : Apple Safari < 11.1.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.1.2. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208695 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208934\");\n # https://lists.apple.com/archives/security-announce/2018/Jul/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?31e9009b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 11.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11|12|13)([^0-9]|$)\", string:os))\n{\n audit(AUDIT_OS_NOT, \"Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13\");\n} \n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"11.1.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report, xss:TRUE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:31:04", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.0.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 12.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4409", "CVE-2018-4416"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI12_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/118571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118571);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4372\",\n \"CVE-2018-4373\",\n \"CVE-2018-4374\",\n \"CVE-2018-4375\",\n \"CVE-2018-4376\",\n \"CVE-2018-4377\",\n \"CVE-2018-4378\",\n \"CVE-2018-4382\",\n \"CVE-2018-4386\",\n \"CVE-2018-4392\",\n \"CVE-2018-4409\",\n \"CVE-2018-4416\"\n );\n\n script_name(english:\"macOS : Apple Safari < 12.0.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 12.0.1. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209196\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4416\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(12|13|14)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"macOS Sierra 10.12 / macOS High Sierra 10.13 / macOS Mojave 10.14\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"12.0.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report, xss:TRUE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:13", "description": "The version of Apple Safari installed on the remote host is prior to 12.0.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 12.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4373", "CVE-2018-4376", "CVE-2018-4372", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4378", "CVE-2018-4377", "CVE-2018-4382", "CVE-2018-4409", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4386"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700506.PRM", "href": "https://www.tenable.com/plugins/nnm/700506", "sourceData": "Binary data 700506.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:43", "description": "According to its banner, the version of Apple TV on the remote device is prior to 11.4.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208936 security advisory.\n\nNote that only 4th and 5th generation models are affected by these vulnerabilities.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-16T00:00:00", "type": "nessus", "title": "Apple TV < 11.4.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4248", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4277", "CVE-2018-4278", "CVE-2018-4280", "CVE-2018-4282", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2019-11-04T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_11_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/111110", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111110);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4248\",\n \"CVE-2018-4261\",\n \"CVE-2018-4262\",\n \"CVE-2018-4263\",\n \"CVE-2018-4264\",\n \"CVE-2018-4265\",\n \"CVE-2018-4266\",\n \"CVE-2018-4267\",\n \"CVE-2018-4270\",\n \"CVE-2018-4271\",\n \"CVE-2018-4272\",\n \"CVE-2018-4273\",\n \"CVE-2018-4277\",\n \"CVE-2018-4278\",\n \"CVE-2018-4280\",\n \"CVE-2018-4282\",\n \"CVE-2018-4284\",\n \"CVE-2018-4293\"\n );\n script_bugtraq_id(\n 103957,\n 103958,\n 103961,\n 104378\n );\n\n script_name(english:\"Apple TV < 11.4.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 11.4.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208936 security advisory.\n\nNote that only 4th and 5th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208936\");\n # https://lists.apple.com/archives/security-announce/2018/Jul/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf6d645c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 11.4.1 or later. Note that this update is\nonly available for 4th and 5th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# https://en.wikipedia.org/wiki/TvOS\n# 4th gen model \"5,3\" and 5th gen model \"6,2\" share same build\nfixed_build = \"15M73\";\ntvos_ver = '11';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : make_list(4, 5),\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_WARNING\n);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:33:58", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209197 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9.1 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4409", "CVE-2018-4416"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9_1.NASL", "href": "https://www.tenable.com/plugins/nessus/118718", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118718);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4372\",\n \"CVE-2018-4373\",\n \"CVE-2018-4374\",\n \"CVE-2018-4375\",\n \"CVE-2018-4376\",\n \"CVE-2018-4377\",\n \"CVE-2018-4378\",\n \"CVE-2018-4382\",\n \"CVE-2018-4386\",\n \"CVE-2018-4392\",\n \"CVE-2018-4394\",\n \"CVE-2018-4398\",\n \"CVE-2018-4409\",\n \"CVE-2018-4416\"\n );\n\n script_name(english:\"Apple iTunes < 12.9.1 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9.1. It is, therefore, affected by multiple vulnerabilities \nas referenced in the HT209197 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209197\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4416\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.9.1\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:33:35", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209197 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9.1 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4409", "CVE-2018-4416"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9_1_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/118717", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118717);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4372\",\n \"CVE-2018-4373\",\n \"CVE-2018-4374\",\n \"CVE-2018-4375\",\n \"CVE-2018-4376\",\n \"CVE-2018-4377\",\n \"CVE-2018-4378\",\n \"CVE-2018-4382\",\n \"CVE-2018-4386\",\n \"CVE-2018-4392\",\n \"CVE-2018-4394\",\n \"CVE-2018-4398\",\n \"CVE-2018-4409\",\n \"CVE-2018-4416\"\n );\n\n script_name(english:\"Apple iTunes < 12.9.1 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9.1. It is, therefore, affected by multiple vulnerabilities \nas referenced in the HT209197 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209197\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4416\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.9.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:08", "description": "The version of Apple iOS running on the mobile device is prior to 11.4.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 11.4.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4275", "CVE-2018-4280", "CVE-2018-4260", "CVE-2018-4274", "CVE-2018-4282", "CVE-2018-4248", "CVE-2018-4290", "CVE-2018-4293", "CVE-2018-4277"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700551.PRM", "href": "https://www.tenable.com/plugins/nnm/700551", "sourceData": "Binary data 700551.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:33:57", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-28T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 18.10 : WebKitGTK+ vulnerabilities (USN-3828-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4345", "CVE-2018-4372", "CVE-2018-4386"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10"], "id": "UBUNTU_USN-3828-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119255", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3828-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119255);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-4345\", \"CVE-2018-4372\", \"CVE-2018-4386\");\n script_xref(name:\"USN\", value:\"3828-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 18.10 : WebKitGTK+ vulnerabilities (USN-3828-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3828-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.22.4-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.22.4-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.22.4-0ubuntu0.18.10.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.22.4-0ubuntu0.18.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T17:55:37", "description": "The version of Apple iOS running on the mobile device is prior to 11.4.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "Apple iOS < 11.4.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4216", "CVE-2018-4248", "CVE-2018-4260", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4274", "CVE-2018-4275", "CVE-2018-4277", "CVE-2018-4278", "CVE-2018-4280", "CVE-2018-4282", "CVE-2018-4284", "CVE-2018-4290", "CVE-2018-4293", "CVE-2018-4327"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1141_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/111218", "sourceData": "Binary data apple_ios_1141_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:33:32", "description": "According to its banner, the version of Apple TV on the remote device is prior to 12.1. It is, therefore, affected by multiple vulnerabilities as described in the HT209194 security advisory.\n\nNote that only 4th generation devices are affected by these vulnerabilities.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "Apple TV < 12.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420"], "modified": "2022-06-01T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_12_1.NASL", "href": "https://www.tenable.com/plugins/nessus/118712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118712);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/01\");\n\n script_cve_id(\n \"CVE-2018-4368\",\n \"CVE-2018-4369\",\n \"CVE-2018-4371\",\n \"CVE-2018-4372\",\n \"CVE-2018-4378\",\n \"CVE-2018-4382\",\n \"CVE-2018-4386\",\n \"CVE-2018-4392\",\n \"CVE-2018-4394\",\n \"CVE-2018-4398\",\n \"CVE-2018-4409\",\n \"CVE-2018-4413\",\n \"CVE-2018-4416\",\n \"CVE-2018-4419\",\n \"CVE-2018-4420\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-10-30-5\");\n\n script_name(english:\"Apple TV < 12.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 12.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT209194 security advisory.\n\nNote that only 4th generation devices are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209194\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 12.1 or later. Note that this update is\nonly available for 4th and 5th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4420\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-4416\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# https://en.wikipedia.org/wiki/TvOS\n# 4th gen model \"5,3\" and 5th gen model \"6,2\" share same build\nfixed_build = \"16J602\";\ntvos_ver = '12.1';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T17:59:50", "description": "The version of Apple iOS running on the mobile device is prior to 12.0. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-09-21T00:00:00", "type": "nessus", "title": "Apple iOS < 12.0 Multiple Vulnerabilities (EFAIL)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1777", "CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4203", "CVE-2018-4299", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4310", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4313", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4321", "CVE-2018-4322", "CVE-2018-4323", "CVE-2018-4325", "CVE-2018-4326", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4333", "CVE-2018-4335", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4352", "CVE-2018-4354", "CVE-2018-4355", "CVE-2018-4356", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4362", "CVE-2018-4363", "CVE-2018-4383", "CVE-2018-4395", "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4407", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4425", "CVE-2018-4426", "CVE-2018-5383"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_120_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/117632", "sourceData": "Binary data apple_ios_120_check.nbin", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:08", "description": "The version of Apple iOS running on the mobile device is prior to 12.0. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 12.0 Multiple Vulnerabilities (EFAIL, APPLE-SA-2018-9-24-4 and APPLE-SA-2018-10-30-8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-5383", "CVE-2018-4311", "CVE-2018-4326", "CVE-2018-4407", "CVE-2018-4126", "CVE-2018-4203", "CVE-2018-4307", "CVE-2018-4310", "CVE-2018-4354", "CVE-2018-4341", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4401", "CVE-2018-4414", "CVE-2018-4383", "CVE-2018-4425", "CVE-2018-4360", "CVE-2018-4426", "CVE-2018-4336", "CVE-2018-4340", "CVE-2018-4337", "CVE-2018-4332", "CVE-2018-4347", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4331", "CVE-2018-4313", "CVE-2018-4329", "CVE-2018-4335", "CVE-2018-4333", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4355", "CVE-2018-4363", "CVE-2018-4362", "CVE-2018-4399", "CVE-2018-4395", "CVE-2018-4356", "CVE-2018-4352", "CVE-2018-4325", "CVE-2018-4322", "CVE-2018-4321", "CVE-2016-1777"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700552.PRM", "href": "https://www.tenable.com/plugins/nnm/700552", "sourceData": "Binary data 700552.prm", "cvss": {"score": 5.4, "vector": "CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:11", "description": "The version of Apple iOS running on the mobile device is prior to 12.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 12.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4373", "CVE-2018-4376", "CVE-2018-4372", "CVE-2018-4374", "CVE-2018-4394", "CVE-2018-4375", "CVE-2018-4378", "CVE-2018-4377", "CVE-2018-4382", "CVE-2018-4409", "CVE-2018-4392", "CVE-2018-4398", "CVE-2018-4416", "CVE-2018-4386", "CVE-2018-4384", "CVE-2018-4367", "CVE-2018-4419", "CVE-2018-4420", "CVE-2018-4371", "CVE-2018-4427", "CVE-2018-4366", "CVE-2018-4365", "CVE-2018-4369", "CVE-2018-4368", "CVE-2018-4385", "CVE-2018-4388", "CVE-2018-4413", "CVE-2018-4400", "CVE-2018-4387", "CVE-2018-4390", "CVE-2018-4391"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700554.PRM", "href": "https://www.tenable.com/plugins/nnm/700554", "sourceData": "Binary data 700554.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T18:02:54", "description": "The version of Apple iOS running on the mobile device is prior to 12.1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "Apple iOS < 12.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4365", "CVE-2018-4366", "CVE-2018-4367", "CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4384", "CVE-2018-4385", "CVE-2018-4386", "CVE-2018-4387", "CVE-2018-4388", "CVE-2018-4390", "CVE-2018-4391", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4400", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420", "CVE-2018-4427"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_121_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/118569", "sourceData": "Binary data apple_ios_121_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:50:43", "description": "The remote host is affected by the vulnerability described in GLSA-201808-04 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could execute arbitrary commands or cause a denial of service condition via a maliciously crafted web content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-08-23T00:00:00", "type": "nessus", "title": "GLSA-201808-04 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12293", "CVE-2018-12294", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4192", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4201", "CVE-2018-4204", "CVE-2018-4214", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201808-04.NASL", "href": "https://www.tenable.com/plugins/nessus/112078", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201808-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112078);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12293\", \"CVE-2018-12294\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4192\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4201\", \"CVE-2018-4204\", \"CVE-2018-4214\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\");\n script_xref(name:\"GLSA\", value:\"201808-04\");\n\n script_name(english:\"GLSA-201808-04 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201808-04\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could execute arbitrary commands or cause a denial of\n service condition via a maliciously crafted web content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201808-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.20.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Proxy Object Type Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.20.4\"), vulnerable:make_list(\"lt 2.20.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-07-05T06:01:12", "description": "An update that fixes 45 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 to version 2.22.4 fixes the following issues:\n\n Security issues fixed:\n\n CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\n CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315,\n CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323,\n CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345,\n CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\n CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-68=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-21T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "modified": "2019-01-21T00:00:00", "id": "OPENSUSE-SU-2019:0068-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXDJONTCZJ2FBL6O2T4TLFIJKIZM7U5J/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:42:16", "description": "An update that fixes 43 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\n CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\n CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\n CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\n CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\n CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\n CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\n bsc#1110279)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-81=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-23T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2019-01-23T00:00:00", "id": "OPENSUSE-SU-2019:0081-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N3LMCXDRCX64PDIK6OOJOXY7AAXP7POU/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T18:43:18", "description": "This update for webkit2gtk3 to version 2.20.5 fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs\n (bsc#1101999).\n - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264,\n CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing\n maliciously crafted web content may lead to arbitrary code execution. A\n memory corruption issue was addressed with improved memory handling.\n - CVE-2018-4266: A malicious website may be able to cause a denial of\n service. A race condition was addressed with additional validation.\n - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously\n crafted web content may lead to an unexpected application crash. A\n memory corruption issue was addressed with improved input validation.\n - CVE-2018-4278: A malicious website may exfiltrate audio data\n cross-origin. Sound fetched through audio elements may be exfiltrated\n cross-origin. This issue was addressed with improved audio taint\n tracking.\n\n Other bugs fixed:\n\n - Fix rendering artifacts in some web sites due to a bug introduced in\n 2.20.4.\n - Fix a crash when leaving accelerated compositing mode.\n - Fix non-deterministic build failure due to missing\n JavaScriptCore/JSContextRef.h.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-09-21T15:08:10", "type": "suse", "title": "Security update for webkit2gtk3 (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-4270", "CVE-2018-12911", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2018-09-21T15:08:10", "id": "OPENSUSE-SU-2018:2781-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3781-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4207", "CVE-2018-4299", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4208", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3781_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3781-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843650\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 08:26:27 +0200 (Thu, 04 Oct 2018)\");\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\",\n \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\",\n \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\",\n \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\",\n \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\",\n \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3781-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were discovered\nin the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3781-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3781-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.22.2-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.22.2-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:26", "description": "This host is running Apple iTunes and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-04T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities-HT209140", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310814308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities-HT209140 (Windows)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes:\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814308\");\n script_version(\"2019-07-05T09:54:18+0000\");\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4311\", \"CVE-2018-4316\", \"CVE-2018-4299\",\n \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\",\n \"CVE-2018-4319\", \"CVE-2018-4309\", \"CVE-2018-4197\", \"CVE-2018-4306\",\n \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4317\",\n \"CVE-2018-4318\", \"CVE-2018-4345\", \"CVE-2018-4361\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:54:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 10:51:28 +0530 (Thu, 04 Oct 2018)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities-HT209140\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple iTunes and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption issues.\n\n - A cross-origin issue with iframe elements.\n\n - A cross-site scripting issue in Safari.\n\n - A use after free issue.\n\n - A memory consumption issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct cross site scripting and arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.9 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.9 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-ie/HT209140\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nappVer = infos['version'];\nappPath = infos['location'];\n\nif(version_is_less(version:appVer, test_version:\"12.9\"))\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"12.9\", install_path: appPath);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:13", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-09T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT209141)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT209141)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814073\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4311\", \"CVE-2018-4316\", \"CVE-2018-4299\",\n \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\",\n \"CVE-2018-4319\", \"CVE-2018-4309\", \"CVE-2018-4197\", \"CVE-2018-4306\",\n \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4317\",\n \"CVE-2018-4318\", \"CVE-2018-4345\", \"CVE-2018-4361\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-09 10:19:54 +0530 (Tue, 09 Oct 2018)\");\n script_name(\"Apple iCloud Security Updates(HT209141)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple memory corruption issues.\n\n - Multiple cross-origin issues.\n\n - A use after free issue.\n\n - Multiple cross-site scripting issues related to poor URL validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote\n attackers to execute arbitrary code, bypass security restrictions and conduct\n cross-site scripting and causes an ASSERT failure.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.7 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.7 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209141\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.7\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.7\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:46:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-01-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0081-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4437", "CVE-2018-4328", "CVE-2018-4372", "CVE-2018-4358", "CVE-2018-4442", "CVE-2018-4323", "CVE-2018-4165", "CVE-2018-4319", "CVE-2018-4443", "CVE-2018-4392", "CVE-2018-4345", "CVE-2018-4376", "CVE-2018-4207", "CVE-2018-4299", "CVE-2018-4438", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4163", "CVE-2018-4318", "CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4314", "CVE-2018-4382", "CVE-2018-4316", "CVE-2018-4464", "CVE-2018-4306", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4375", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4208", "CVE-2018-4378", "CVE-2018-4441", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4359", "CVE-2018-4386"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852248", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852248\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\",\n \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\",\n \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\",\n \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\",\n \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\",\n \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\",\n \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\",\n \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\",\n \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\",\n \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\",\n \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-24 04:02:18 +0100 (Thu, 24 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0081-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0081-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00029.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:0081-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\n CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\n CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\n CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\n CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\n CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\n CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\n bsc#1110279)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-81=1\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3743-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4270", "CVE-2018-12911", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4246", "CVE-2018-4284", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2019-04-09T00:00:00", "id": "OPENVAS:1361412562310843618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3743_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3743-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843618\");\n script_version(\"2019-04-09T07:15:29+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-09 07:15:29 +0000 (Tue, 09 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-08-17 05:56:51 +0200 (Fri, 17 Aug 2018)\");\n script_cve_id(\"CVE-2018-12911\", \"CVE-2018-4246\", \"CVE-2018-4261\", \"CVE-2018-4262\",\n \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\",\n \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\",\n \"CVE-2018-4278\", \"CVE-2018-4284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3743-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3743-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3743-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.20.5-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.20.5-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.20.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.20.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:40:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2781-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4270", "CVE-2018-12911", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852082", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852082\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-12911\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4271\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:42:25 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2018:2781-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2781-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00042.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2018:2781-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.20.5 fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs\n (bsc#1101999).\n\n - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264,\n CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing\n maliciously crafted web content may lead to arbitrary code execution. A\n memory corruption issue was addressed with improved memory handling.\n\n - CVE-2018-4266: A malicious website may be able to cause a denial of\n service. A race condition was addressed with additional validation.\n\n - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously\n crafted web content may lead to an unexpected application crash. A\n memory corruption issue was addressed with improved input validation.\n\n - CVE-2018-4278: A malicious website may exfiltrate audio data\n cross-origin. Sound fetched through audio elements may be exfiltrated\n cross-origin. This issue was addressed with improved audio taint\n tracking.\n\n Other bugs fixed:\n\n - Fix rendering artifacts in some web sites due to a bug introduced in\n 2.20.4.\n\n - Fix a crash when leaving accelerated compositing mode.\n\n - Fix non-deterministic build failure due to missing\n JavaScriptCore/JSContextRef.h.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1025=1\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.20.5~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:17", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-07-10T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates(HT208933)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813558", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates(HT208933)-Windows\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813558\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4293\", \"CVE-2018-4270\", \"CVE-2018-4278\", \"CVE-2018-4284\",\n \"CVE-2018-4266\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\",\n \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4267\", \"CVE-2018-4272\",\n \"CVE-2018-4271\", \"CVE-2018-4273\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 13:34:53 +0530 (Tue, 10 Jul 2018)\");\n script_name(\"Apple iTunes Security Updates(HT208933)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A cookie management issue in improved checks.\n\n - A memory corruption issue in memory handling.\n\n - Sound fetched through audio elements exfiltrated cross-origin.\n\n - A type confusion issue in memory handling.\n\n - A race condition in validation.\n\n - Multiple memory corruption issues in memory handling.\n\n - Multiple memory corruption issues in input validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to crash Safari, exfiltrate audio data cross-origin, execute arbitrary code and\n cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.8 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.8 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208933\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nituneVer = infos['version'];\nitunePath = infos['location'];\n\n#after installation in registry version 12.8 = 12.8.0.150\nif(version_is_less(version:ituneVer, test_version:\"12.8.0.150\"))\n{\n report = report_fixed_ver(installed_version:ituneVer, fixed_version:\"12.8\", install_path:itunePath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:25", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-07-10T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT208932)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813559", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT208932)-Windows\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813559\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4293\", \"CVE-2018-4270\", \"CVE-2018-4284\", \"CVE-2018-4278\",\n \"CVE-2018-4266\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\",\n \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4267\", \"CVE-2018-4272\",\n \"CVE-2018-4271\", \"CVE-2018-4273\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 13:35:57 +0530 (Tue, 10 Jul 2018)\");\n script_name(\"Apple iCloud Security Updates(HT208932)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A cookie management issue in improved checks.\n\n - A memory corruption issue in memory handling.\n\n - Sound fetched through audio elements exfiltrated cross-origin.\n\n - A type confusion issue in memory handling.\n\n - A race condition in validation.\n\n - Multiple memory corruption issues in memory handling.\n\n - Multiple memory corruption issues in input validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to crash Safari, exfiltrate audio data cross-origin, execute arbitrary code and\n cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.6 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.6 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208932\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\n#version in registry after installation of 7.6 = 7.6.0.15\nif(version_is_less(version:icVer, test_version:\"7.6.0.15\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.6\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-03T19:44:52", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-07-10T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates(HT208934)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4279", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4274", "CVE-2018-4284", "CVE-2018-4260", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310813633", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813633", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates(HT208934)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813633\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2018-4279\", \"CVE-2018-4270\", \"CVE-2018-4278\", \"CVE-2018-4284\",\n \"CVE-2018-4266\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\",\n \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4267\", \"CVE-2018-4272\",\n \"CVE-2018-4271\", \"CVE-2018-4273\", \"CVE-2018-4274\", \"CVE-2018-4260\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 09:47:26 +0530 (Tue, 10 Jul 2018)\");\n script_name(\"Apple Safari Security Updates(HT208934)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An inconsistent user interface issue.\n\n - Sound fetched through audio elements may be exfiltrated cross-origin.\n\n - A type confusion issue due to poor memory handling.\n\n - A race condition issue due to improper validation.\n\n - Multiple memory corruption issues due to poor memory handling and improper\n input validation.\n\n - A spoofing issue existed in the handling of URLs.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct address bar spoofing, arbitrary code execution and\n cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 11.1.2.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 11.1.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208934\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"11.1.2\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"11.1.2\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:02", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-31T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT209198)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4372", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4409", "CVE-2018-4382", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4378", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4386"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814149", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT209198)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814149\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4374\", \"CVE-2018-4377\", \"CVE-2018-4372\", \"CVE-2018-4373\",\n \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4382\", \"CVE-2018-4386\",\n \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4409\", \"CVE-2018-4378\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-31 10:29:04 +0530 (Wed, 31 Oct 2018)\");\n script_name(\"Apple iCloud Security Updates(HT209198)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An issue exiss in the method for determining prime numbers.\n\n - A cross-site scripting issue exists in Safari.\n\n - Multiple memory corruption, resource exhaustion, issues in memory\n handling.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers\n to execute arbitrary code, bypass security restrictions and conduct\n cross-site scripting.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.8 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.7 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209198\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.8\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.8\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:24", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-31T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates(HT209196)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4372", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4409", "CVE-2018-4382", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4378", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4386"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310814320", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814320", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates(HT209196)\n#\n# Authors:\n# Vidta V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814320\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2018-4374\", \"CVE-2018-4377\", \"CVE-2018-4372\", \"CVE-2018-4373\",\n \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4382\", \"CVE-2018-4386\",\n \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4409\", \"CVE-2018-4378\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-31 10:06:26 +0530 (Wed, 31 Oct 2018)\");\n script_name(\"Apple Safari Security Updates(HT209196)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue due to improper validation.\n\n - A cross-site scripting issue due to improper URL validation.\n\n - A resource exhaustion issue due to improper input validation.\n\n - Multiple memory corruption issues due to poor memory handling and improper\n input validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct universal cross site scripting, arbitrary code execution and\n cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 12.0.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 12.0.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209196\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nsafVer = infos['version'];\nsafPath = infos['location'];\n\nif(version_is_less(version:safVer, test_version:\"12.0.1\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version: \"12.0.1\", install_path:safPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:04:20", "description": "This host is running Apple iTunes and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-31T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities-HT209197 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4372", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4409", "CVE-2018-4398", "CVE-2018-4382", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4378", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4394", "CVE-2018-4386"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310814321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814321", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities-HT209197 (Windows)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814321\");\n script_version(\"2019-07-05T09:54:18+0000\");\n script_cve_id(\"CVE-2018-4398\", \"CVE-2018-4394\", \"CVE-2018-4374\", \"CVE-2018-4377\",\n \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\",\n \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\",\n \"CVE-2018-4409\", \"CVE-2018-4378\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:54:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-31 10:56:19 +0530 (Wed, 31 Oct 2018)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities-HT209197 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple iTunes and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An issue in the method for determining prime numbers.\n\n - A logic issue due to improper validation.\n\n - A cross-site scripting issue due to improper URL validation.\n\n - A resource exhaustion issue due to improper input validation.\n\n - Multiple memory corruption issues due to poor memory handling and improper\n input validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct cross site scripting and arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.9.1 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.9.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209197\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nappVer = infos['version'];\nappPath = infos['location'];\n\n#12.9.1=12.9.1.4\nif(version_is_less(version:appVer, test_version:\"12.9.1.4\"))\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"12.9.1.4\", install_path: appPath);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-28T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3828-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4372", "CVE-2018-4345", "CVE-2018-4386"], "modified": "2019-04-09T00:00:00", "id": "OPENVAS:1361412562310843832", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3828_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3828-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843832\");\n script_version(\"2019-04-09T07:15:29+0000\");\n script_cve_id(\"CVE-2018-4345\", \"CVE-2018-4372\", \"CVE-2018-4386\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-09 07:15:29 +0000 (Tue, 09 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-28 07:55:04 +0100 (Wed, 28 Nov 2018)\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3828-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(18\\.04 LTS|18\\.10)\");\n\n script_xref(name:\"USN\", value:\"3828-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3828-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the USN-3828-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 18.10,\n Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.22.4-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.22.4-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.22.4-0ubuntu0.18.10.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.22.4-0ubuntu0.18.10.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:52:31", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-03T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4209", "CVE-2018-4318", "CVE-2018-4323", "CVE-2018-4309", "CVE-2018-4317", "CVE-2018-4208", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4210", "CVE-2018-4197", "CVE-2018-4316", "CVE-2018-4212", "CVE-2018-4358", "CVE-2018-4315", "CVE-2018-4319", "CVE-2018-4361", "CVE-2018-4314", "CVE-2018-4191", "CVE-2018-4207", "CVE-2018-4311", "CVE-2018-4359", "CVE-2018-4312", "CVE-2018-4328"], "modified": "2018-10-03T00:00:00", "id": "USN-3781-1", "href": "https://ubuntu.com/security/notices/USN-3781-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T11:53:58", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-16T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12911", "CVE-2018-4265", "CVE-2018-4261", "CVE-2018-4266", "CVE-2018-4263", "CVE-2018-4246", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4270", "CVE-2018-4264", "CVE-2018-4267", "CVE-2018-4284", "CVE-2018-4262"], "modified": "2018-08-16T00:00:00", "id": "USN-3743-1", "href": "https://ubuntu.com/security/notices/USN-3743-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T11:51:00", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-27T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4345", "CVE-2018-4372", "CVE-2018-4386"], "modified": "2018-11-27T00:00:00", "id": "USN-3828-1", "href": "https://ubuntu.com/security/notices/USN-3828-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:03:58", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebkitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.22.0\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-02T00:00:00", "type": "gentoo", "title": "WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2018-12-02T00:00:00", "id": "GLSA-201812-04", "href": "https://security.gentoo.org/glsa/201812-04", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-17T19:04:13", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could execute arbitrary commands or cause a denial of service condition via a maliciously crafted web content. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebkitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.20.4\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-22T00:00:00", "type": "gentoo", "title": "WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12293", "CVE-2018-12294", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4192", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4201", "CVE-2018-4204", "CVE-2018-4214", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2018-08-22T00:00:00", "id": "GLSA-201808-04", "href": "https://security.gentoo.org/glsa/201808-04", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:12:12", "description": "### *Detect date*:\n09/12/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, read local files.\n\n### *Affected products*:\nApple iTunes earlier than 12.9\n\n### *Solution*:\nUpdate to the latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.9 for Windows](<https://support.apple.com/ru-ru/HT209140>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2018-4191](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4191>)6.8High \n[CVE-2018-4311](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4311>)5.8High \n[CVE-2018-4316](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4316>)6.8High \n[CVE-2018-4299](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4299>)6.8High \n[CVE-2018-4323](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4323>)6.8High \n[CVE-2018-4328](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4328>)6.8High \n[CVE-2018-4358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4358>)6.8High \n[CVE-2018-4359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4359>)6.8High \n[CVE-2018-4319](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4319>)5.8High \n[CVE-2018-4309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4309>)4.3Warning \n[CVE-2018-4197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4197>)6.8High \n[CVE-2018-4306](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4306>)6.8High \n[CVE-2018-4312](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4312>)6.8High \n[CVE-2018-4314](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4314>)6.8High \n[CVE-2018-4315](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4315>)6.8High \n[CVE-2018-4317](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4317>)6.8High \n[CVE-2018-4318](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4318>)6.8High \n[CVE-2018-4345](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4345>)4.3Warning \n[CVE-2018-4361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4361>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-12T00:00:00", "type": "kaspersky", "title": "KLA11323 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2020-06-03T00:00:00", "id": "KLA11323", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11323/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:12:48", "description": "### *Detect date*:\n07/09/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code and bypass security restrictions.\n\n### *Affected products*:\nApple iTunes earlier than 12.8\n\n### *Solution*:\nUpdate to the latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.8 for Windows](<https://support.apple.com/en-us/HT208933>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2018-4293](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4293>)5.0Critical \n[CVE-2018-4270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4270>)4.3Warning \n[CVE-2018-4278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4278>)4.3Warning \n[CVE-2018-4284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4284>)6.8High \n[CVE-2018-4266](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4266>)4.3Warning \n[CVE-2018-4261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4261>)6.8High \n[CVE-2018-4262](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4262>)6.8High \n[CVE-2018-4263](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4263>)6.8High \n[CVE-2018-4264](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4264>)6.8High \n[CVE-2018-4265](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4265>)6.8High \n[CVE-2018-4267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4267>)6.8High \n[CVE-2018-4272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4272>)6.8High \n[CVE-2018-4271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4271>)4.3Warning \n[CVE-2018-4273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4273>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "kaspersky", "title": "KLA11292 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2020-06-03T00:00:00", "id": "KLA11292", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11292/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:11:51", "description": "### *Detect date*:\n10/30/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service and perform cross-site scripting attack.\n\n### *Affected products*:\nApple iTunes earlier than 12.9.1\n\n### *Solution*:\nUpdate to the latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.9.1](<https://support.apple.com/en-us/HT209197>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2018-4398](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4398>)5.0Critical \n[CVE-2018-4394](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4394>)6.8High \n[CVE-2018-4374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4374>)4.3Warning \n[CVE-2018-4377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4377>)4.3Warning \n[CVE-2018-4409](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4409>)4.3Warning \n[CVE-2018-4378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4378>)6.8High \n[CVE-2018-4372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4372>)6.8High \n[CVE-2018-4373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4373>)6.8High \n[CVE-2018-4375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4375>)6.8High \n[CVE-2018-4376](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4376>)6.8High \n[CVE-2018-4382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4382>)6.8High \n[CVE-2018-4386](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4386>)6.8High \n[CVE-2018-4392](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4392>)6.8High \n[CVE-2018-4416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4416>)6.8High\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "kaspersky", "title": "KLA11343 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4409", "CVE-2018-4416"], "modified": "2020-06-18T00:00:00", "id": "KLA11343", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11343/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The webkit2 package has been updated to version 2.20.5, fixing several security issues and other bugs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-21T16:26:22", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284"], "modified": "2018-09-21T16:26:22", "id": "MGASA-2018-0382", "href": "https://advisories.mageia.org/MGASA-2018-0382.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "googleprojectzero": [{"lastseen": "2020-12-14T19:21:45", "description": "Posted by Ivan Fratric, Google Project Zero\n\n \n\n\nAround a year ago, we [published](<https://googleprojectzero.blogspot.com/2017/09/the-great-dom-fuzz-off-of-2017.html>) the results of research about the resilience of modern browsers against DOM fuzzing, a well-known technique for finding browser bugs. Together with the bug statistics we also published [Domato](<https://github.com/google/domato>), our DOM fuzzing tool that was used to find those bugs.\n\n** \n**\n\nGiven that in the previous research, Apple Safari, or more specifically, WebKit (its DOM engine) did noticeably worse than other browsers, we decided to revisit it after a year using exactly the same methodology and exactly the same tools to see whether anything changed.\n\n** \n**\n\nTest Setup\n\n** \n**\n\nAs in the original research, the fuzzing was initially done against [WebKitGTK+](<https://webkitgtk.org/>) and then all the crashes were tested against Apple Safari running on a Mac. This makes the fuzzing setup easier as WebKitGTK+ uses the same DOM engine as Safari, but allows for fuzzing on a regular Linux machine. In this research, WebKitGTK+ version 2.20.2 was used which can be downloaded [here](<https://webkitgtk.org/releases/webkitgtk-2.20.2.tar.xz>).\n\n** \n**\n\nTo improve the fuzzing process, a couple of custom changes were made to WebKitGTK+:\n\n** \n**\n\n * Made fixes to be able to build WebKitGTK+ with ASan (Address Sanitizer).\n\n** \n**\n\n * Changed window.alert() implementation to immediately call the garbage collector instead of displaying a message window. This works well because window.alert() is not something we would normally call during fuzzing.\n\n** \n**\n\n * Normally, when a DOM bug causes a crash, due to the multi-process nature of WebKit, only the web process would crash, but the main process would continue running. Code was added that monitors a web process and, if it crashes, the code would \u201ccrash\u201d the main process with the same status.\n\n** \n**\n\n * Created a custom target binary.\n\n** \n**\n\nAfter the previous research was published, we got a lot of questions about the details of our fuzzing setup. This is why, this time, we are publishing the changes made to the WebKitGTK+ code as well as the detailed build instructions below. A patch file can be found [here](<https://github.com/googleprojectzero/p0tools/tree/master/WebKitFuzz>). Note that the patch was made with WebKitGTK+ 2.20.2 and might not work as is on other versions.\n\n** \n**\n\nOnce WebKitGTK+ code was prepared, it was built with ASan by running the following commands from the WebKitGTK+ directory:\n\n** \n**\n\nexport CC=/usr/bin/clang\n\nexport CXX=/usr/bin/clang++\n\nexport CFLAGS=\"-fsanitize=address\"\n\nexport CXXFLAGS=\"-fsanitize=address\"\n\nexport LDFLAGS=\"-fsanitize=address\"\n\nexport ASAN_OPTIONS=\"detect_leaks=0\"\n\n** \n**\n\nmkdir build\n\ncd build\n\n** \n**\n\ncmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=. -DCMAKE_SKIP_RPATH=ON -DPORT=GTK -DLIB_INSTALL_DIR=./lib -DUSE_LIBHYPHEN=OFF -DENABLE_MINIBROWSER=ON -DUSE_SYSTEM_MALLOC=ON -DENABLE_GEOLOCATION=OFF -DENABLE_GTKDOC=OFF -DENABLE_INTROSPECTION=OFF -DENABLE_OPENGL=OFF -DENABLE_ACCELERATED_2D_CANVAS=OFF -DENABLE_CREDENTIAL_STORAGE=OFF -DENABLE_GAMEPAD_DEPRECATED=OFF -DENABLE_MEDIA_STREAM=OFF -DENABLE_WEB_RTC=OFF -DENABLE_PLUGIN_PROCESS_GTK2=OFF -DENABLE_SPELLCHECK=OFF -DENABLE_VIDEO=OFF -DENABLE_WEB_AUDIO=OFF -DUSE_LIBNOTIFY=OFF -DENABLE_SUBTLE_CRYPTO=OFF -DUSE_WOFF2=OFF -Wno-dev ..\n\n** \n**\n\nmake -j 4\n\n** \n**\n\nmkdir -p libexec/webkit2gtk-4.0\n\ncp bin/WebKit*Process libexec/webkit2gtk-4.0/\n\n** \n**\n\nIf you are doing this for the first time, the cmake/make step will likely complain about missing dependencies, which you will then have to install. You might note that a lot of features deemed not overly important for DOM fuzzing were disabled via -DENABLE flags. This was mainly to save us from having to install the corresponding dependencies but in some cases also to create a build that was more \u201cportable\u201d.\n\n** \n**\n\nAfter the build completes, the fuzzing is as simple as creating a sample with [Domato](<https://github.com/google/domato>), running the target binary as\n\n** \n**\n\nASAN_OPTIONS=detect_leaks=0,exitcode=42 ASAN_SYMBOLIZER_PATH=/path/to/llvm-symbolizer LD_LIBRARY_PATH=./lib ./bin/webkitfuzz /path/to/sample <timeout>\n\n** \n**\n\nand waiting for the exit code 42 (which, if you take a look at the command line above as well as the changes we made to the WebKitGTK+ code, indicates an ASan crash).\n\n** \n**\n\nAfter collecting crashes, an ASan build of the most recent WebKit source code was created on the actual Mac hardware. This is as simple as running\n\n** \n**\n\n./Tools/Scripts/set-webkit-configuration --release --asan\n\n./Tools/Scripts/build-webkit\n\n** \n**\n\nEach crash obtained on WebKitGTK+ was tested against the Mac build before reporting to Apple.\n\n** \n**\n\nThe Results\n\n** \n**\n\nAfter running the fuzzer for 100.000.000 iterations (the same as a year ago) I ended up with 9 unique bugs that were reported to Apple. Last year, I estimated that the computational power to perform this number of iterations could be purchased for about $1000 and this probably hasn\u2019t changed - an amount well within the payment range of a wide range of attackers with varying motivation.\n\n** \n**\n\nThe bugs are summarized in the table below. Please note that all of the bugs have been [fixed](<https://support.apple.com/en-us/HT209109>) at the time of release of this blog post.\n\n** \n**\n\nProject Zero bug ID\n\n| \n\nCVE\n\n| \n\nType\n\n| \n\nAffected Safari 11.1.2\n\n| \n\nOlder than 6 months\n\n| \n\nOlder than 1 year \n \n---|---|---|---|---|--- \n \n[1593](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1593>)\n\n| \n\nCVE-2018-4197\n\n| \n\nUAF\n\n| \n\nYES\n\n| \n\nYES\n\n| \n\nNO \n \n[1594](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1594>)\n\n| \n\nCVE-2018-4318\n\n| \n\nUAF\n\n| \n\nNO\n\n| \n\nNO\n\n| \n\nNO \n \n[1595](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1595>)\n\n| \n\nCVE-2018-4317\n\n| \n\nUAF\n\n| \n\nNO\n\n| \n\nYES\n\n| \n\nNO \n \n[1596](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1596>)\n\n| \n\nCVE-2018-4314\n\n| \n\nUAF\n\n| \n\nYES\n\n| \n\nYES\n\n| \n\nNO \n \n[1602](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1602>)\n\n| \n\nCVE-2018-4306\n\n| \n\nUAF\n\n| \n\nYES\n\n| \n\nYES\n\n| \n\nNO \n \n[1603](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1603>)\n\n| \n\nCVE-2018-4312\n\n| \n\nUAF\n\n| \n\nNO\n\n| \n\nNO\n\n| \n\nNO \n \n[1604](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1604>)\n\n| \n\nCVE-2018-4315\n\n| \n\nUAF\n\n| \n\nYES\n\n| \n\nYES\n\n| \n\nNO \n \n[1609](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1609>)\n\n| \n\nCVE-2018-4323\n\n| \n\nUAF\n\n| \n\nYES\n\n| \n\nYES\n\n| \n\nNO \n \n[1610](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1610>)\n\n| \n\nCVE-2018-4328\n\n| \n\nOOB read\n\n| \n\nYES\n\n| \n\nYES\n\n| \n\nYES \n \nUAF = use-after-free. OOB = out-of-bounds\n\n** \n**\n\nAs can be seen in the table, out of the 9 bugs found, 6 affected the release version of Apple Safari, directly affecting Safari users.\n\n** \n**\n\nWhile 9 or 6 bugs (depending how you count) is significantly less than the 17 found a year ago, it is still a respectable number of bugs, especially if we take into an account that the fuzzer has been public for a long time now.\n\n** \n**\n\nAfter the results were in, I looked into how long these bugs have been in the WebKit codebase. To check this, all the bugs were tested against a version of WebKitGTK+ that was more than 6 months old (WebKitGTK+ 2.19.6) as well as a version that was more than a year old (WebKitGTK+ 2.16.6).\n\n** \n**\n\nThe results are interesting\u2014most of the bugs were sitting in the WebKit codebase for longer than 6 months, however, only 1 of them is older than 1 year. Here, it might be important to note that throughout the past year (between the previous and this blog post) I also did fuzzing runs using the same approach and reported [14 bugs](<https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=ifratric+webkit+opened%3E2017%2F8%2F1+opened%3C2018%2F6%2F1+&colspec=ID+Status+Restrict+Reported+Vendor+Product+Finder+Summary&cells=ids>). Unfortunately, it is impossible to know how many of those 14 bugs would have survived until now and how many would have been found in this fuzz run. It is also possible that some of the newly found bugs are actually older, but don\u2019t trigger with the provided PoCs is in the older versions due to unrelated code changes in the DOM. I didn\u2019t investigate this possibility.\n\n** \n**\n\nHowever, even if we assume that all of the previously reported bugs would not have survived until now, the results still indicate that (a) the security vulnerabilities keep getting introduced in the WebKit codebase and (b) many of those bugs get incorporated into the release products before they are caught by internal security efforts.\n\n** \n**\n\nWhile (a) is not unusual for any piece of software that changes as rapidly as a DOM engine, (b) might indicate the need to put more computational resources into fuzzing and/or review before release.\n\n** \n**\n\nThe Exploit\n\n** \n**\n\nTo prove that bugs like this can indeed lead to a browser compromise, I decided to write an exploit for one of them. The goal was not to write a very reliable or sophisticated exploit - highly advanced attackers would likely not choose to use the bugs found by public tools whose lifetime is expected to be relatively short. However, if someone with exploit writing skills was to use such a bug in, for example, a malware spreading campaign, they could potentially do a lot of damage even with an unreliable exploit.\n\n** \n**\n\nOut of the 6 issues affecting the release version of Safari, I selected what I believed to be the easiest one to exploit\u2014a use-after-free where, unlike in the other use-after-free issues found, the freed object is not on the isolated heap\u2014a mitigation [recently introduced](<https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/>) in WebKit to make use-after-free exploitation harder.\n\n** \n**\n\nLet us first start by examining the bug we\u2019re going to exploit. [The issue](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1596>) is a use-after-free in the [SVGAnimateElementBase::resetAnimatedType()](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L187>) function. If you look at the code of the function, you are going to see that, first, the function gets a raw pointer to the SVGAnimatedTypeAnimator object on the line\n\n** \n**\n\nSVGAnimatedTypeAnimator* animator = ensureAnimator();\n\n** \n**\n\nand, towards the end of the function, the animator object is used to obtain a pointer to a SVGAnimatedType object (unless one already exists) on the line \n\n** \n**\n\nm_animatedType = animator->constructFromString(baseValue);\n\n** \n**\n\nThe problem is that, in between these two lines, attacker-controlled JavaScript code could run. Specifically, this could happen during a call to computeCSSPropertyValue(). The JavaScript code could then cause [SVGAnimateElementBase::resetAnimatedPropertyType()](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L433>) to be called, which would delete the animator object. Thus, the constructFromString() function would be called on the freed animator object - a typical use-after-free scenario, at least on the first glance. There is a bit more to this bug though, but we\u2019ll get to that later.\n\n** \n**\n\nThe vulnerability has been fixed in the latest Safari by no longer triggering JavaScript callbacks through computeCSSPropertyValue(). Instead, the event handler is going to be processed at some later time. The patch can be seen [here](<https://trac.webkit.org/changeset/232941/webkit>).\n\n** \n**\n\nA simple proof of concept for the vulnerability is:\n\n** \n**\n\n<body onload=\"setTimeout(go, 100)\">\n\n<svg id=\"svg\">\n\n<animate id=\"animate\" attributeName=\"fill\" />\n\n</svg>\n\n<div id=\"inputParent\" onfocusin=\"handler()\">\n\n<input id=\"input\">\n\n</div>\n\n<script>\n\nfunction handler() {\n\nanimate.setAttribute('attributeName','fill');\n\n}\n\nfunction go() {\n\ninput.autofocus = true;\n\ninputParent.after(inputParent);\n\nsvg.setCurrentTime(1);\n\n}\n\n</script>\n\n</body>\n\n** \n**\n\nHere, svg.setCurrentTime() results in resetAnimatedType() being called, which in turn, due to DOM mutations made previously, causes a JavaScript event handler to be called. In the event handler, the animator object is deleted by resetting the attributeName attribute of the animate element.\n\n** \n**\n\nSince constructFromString() is a virtual method of the SVGAnimatedType class, the primitive the vulnerability gives us is a virtual method call on a freed object.\n\n** \n**\n\nIn the days before ASLR, such a vulnerability would be immediately exploitable by replacing the freed object with data we control and faking the virtual method table of the freed object, so that when the virtual method is called, execution is redirected to the attacker\u2019s ROP chain. But due to ASLR we won\u2019t know the addresses of any executable modules in the process.\n\n** \n**\n\nA classic way to overcome this is to combine such a use-after-free bug with an infoleak bug that can leak an address of one of the executable modules. But, there is a problem: In our crop of bugs, there wasn\u2019t a good infoleak we could use for this purpose. A less masochistic vulnerability researcher would simply continue to run the fuzzer until a good infoleak bug would pop up. However, instead of finding better bugs, I deliberately wanted to limit myself to just the bugs found in the same number of iterations as in the previous research. As a consequence, the majority of time spent working on this exploit was to turn the bug into an infoleak.\n\n** \n**\n\nAs stated before, the primitive we have is a virtual method call on the freed object. Without an ASLR bypass, the only thing we can do with it that would not cause an immediate crash is to replace the freed object with another object that also has a vtable, so that when a virtual method is called, it is called on the other object. Most of the time, this would mean calling a valid virtual method on a valid object and nothing interesting would happen. However, there are several scenarios where doing this could lead to interesting results:\n\n** \n**\n\n 1. The virtual method could be something dangerous to call out-of-context. For example, if we can call a destructor of some object, its members could get freed while the object itself continues to live. With this, we could turn the original use-after-free issue into another use-after-free issue, but possibly one that gives us a better exploitation primitive.\n\n** \n**\n\n 2. Since constructFromString() takes a single parameter of the type String, we could potentially cause a type confusion on the input parameter if the other virtual method expects a parameter of another type. Additionally, if the other virtual method takes more parameters than constructFromString(), these would be uninitialized which could also lead to exploitable behavior.\n\n** \n**\n\n 3. As constructFromString() is expected to return a pointer of type SVGAnimatedType, if the other virtual method returns some other type, this will lead to the type confusion on the return value. Additionally, if the other virtual method does not return anything, then the return value remains uninitialized.\n\n** \n**\n\n 4. If the vtables of the freed object and the object we replaced it with are of different size, calling a vtable pointer on the freed object could result in an out-of-bounds read on the vtable of the other object, resulting in calling a virtual function of some third class.\n\n** \n**\n\nIn this exploit we used option 3, but with a twist. To understand what the twist is, let\u2019s examine the SVGAnimateElementBase class more closely: It implements (most of) the functionality of the SVG <animate> element. The SVG <animate> element is used to, as the name suggests, animate a property of another element. For example, having the following element in an SVG image\n\n** \n**\n\n<animate attributeName=\"x\" from=\"0\" to=\"100\" dur=\"10s\" />\n\n** \n**\n\nwill cause the x coordinate of the target element (by default, the parent element) to grow from 0 to 100 over the duration of 10 seconds. We can use an <animate> element to animate various CSS or XML properties, which is controlled by the attributeName property of the <animate> element.\n\n** \n**\n\nHere\u2019s the interesting part: These properties can have different types. For example, we might use an <animate> element to animate the x coordinate of an element, which is of type SVGLengthValue (number + unit), or we might use it to animate the fill attribute, which is of type Color.\n\n** \n**\n\nIn an SVGAnimateElementBase class, the type of animated property is tracked via a member variable declared as\n\n** \n**\n\nAnimatedPropertyType m_animatedPropertyType;\n\n** \n**\n\nWhere AnimatedPropertyType is the enumeration of possible types. Two other member variables of note are\n\n** \n**\n\nstd::unique_ptr<SVGAnimatedTypeAnimator> m_animator;\n\nstd::unique_ptr<SVGAnimatedType> m_animatedType;\n\n** \n**\n\nThe m_animator here is the use-after-free object, while m_animatedType is the object created from the (possibly freed) m_animator.\n\n** \n**\n\nSVGAnimatedTypeAnimator (type of m_animator) is a superclass which has subclasses for all possible values of AnimatedPropertyType, such as SVGAnimatedBooleanAnimator, SVGAnimatedColorAnimator etc. SVGAnimatedType (type of m_animatedType) is a variant that contains a [type](<https://github.com/WebKit/webkit/blob/b5d63c0d3599c4c085d0bcf6da0830807c21ea7e/Source/WebCore/svg/SVGAnimatedType.h#L274>) and a [union](<https://github.com/WebKit/webkit/blob/b5d63c0d3599c4c085d0bcf6da0830807c21ea7e/Source/WebCore/svg/SVGAnimatedType.h#L276>) of possible values depending on the type.\n\n** \n**\n\nThe important thing to note is that normally, both the subclass of m_animator and the type of m_animatedType are supposed to match m_animatedPropertyType. For example, if m_animatedPropertyType is AnimatedBoolean, then the type of m_animatedType variant should be the same, and m_animator should be an instance of SVGAnimatedBooleanAnimator.\n\n** \n**\n\nAfter all, why shouldn\u2019t all these types match, since m_animator is created based on m_animatedPropertyType [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L447>) and m_animatedType is created by m_animator [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L228>). Oh wait, that\u2019s exactly where the vulnerability occurs!\n\n** \n**\n\nSo instead of replacing a freed animator with something completely different and causing a type confusion between SVGAnimatedType and another class, we can instead replace the freed animator with another animator subclass and confuse SVGAnimatedType with type = A to another SVGAnimatedType with type = B.\n\n** \n**\n\nBut one interesting thing about this bug is that it would still be a bug even if the animator object did not get freed. In that case, the bug turns into a type confusion: To trigger it, one would simply change the m_animatedPropertyType of the <animate> element to a different type in the JavaScript callback (we\u2019ll examine how this happens in detail later). This led to some discussion in the office whether the bug should be called an use-after-free at all, or is this really a different type of bug where the use-after-free is merely a symptom.\n\n** \n**\n\nNote that the animator object is always going to get freed as soon as the type of the <animate> element changes, which leads to an interesting scenario where to exploit a bug (however you choose to call it), instead of replacing the freed object with an object of another type, we could either replace it with the object of the same type or make sure it doesn\u2019t get replaced at all. Due to how memory allocation in WebKit works, the latter is actually going to happen on its own most of the time anyway - objects allocated in a memory page will only start getting replaced once the whole page becomes full. Additionally, freeing an object in WebKit doesn\u2019t corrupt it as would be the case in some other allocators, which allows us to still use it normally even after being freed.\n\n** \n**\n\nLet\u2019s now examine how this type confusion works and what effects it has:\n\n** \n**\n\n 1. We start with an <animate> element for type A. m_animatedPropertyType, m_animator and m_animatedType all match type A.\n\n** \n**\n\n 2. resetAnimatedType() gets called and it retrieves an animator pointer of type A [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L189>).\n\n** \n**\n\n 3. resetAnimatedType() calls computeCSSPropertyValue() [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L224>), which triggers a JavaScript callback.\n\n** \n**\n\n 4. In the JavaScript callback, we change the type of <animate> element to B by changing its attributeName attribute. This causes [SVGAnimateElementBase::resetAnimatedPropertyType()](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L433>) to be called. In it, m_animatedType and m_animator get deleted, while m_animatedPropertyType gets set to B according to the new attributeName [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L441>). Now, m_animatedType and m_animator are null, while m_animatedPropertyType is B.\n\n** \n**\n\n 5. We return into resetAnimatedType(), where we still have a local variable animator which still points to (freed but still functional) animator for type A.\n\n** \n**\n\n 6. m_animatedType gets created based on the freed animator [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L228>). Now, m_animatedType is of type A, m_animatedPropertyType is B and m_animator is null.\n\n** \n**\n\n 7. resetAnimatedType() returns, and the animator local variable pointing to the freed animator of type A gets lost, never to be seen again.\n\n** \n**\n\n 8. Eventually, resetAnimatedType() gets called again. Since m_animator is still null, but m_animatedPropertyType is B, it creates m_animator of type B [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L189>).\n\n** \n**\n\n 9. Since m_animatedType is non-null, instead of creating it anew, we just initialize it by calling m_animatedType->setValueAsString() [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L230>). We now have m_animatedPropertyType for type B, m_animator for type B and m_animatedType for type A.\n\n** \n**\n\n 10. At some point, the value of the animated property gets calculated. That happens in SVGAnimateElementBase::calculateAnimatedValue() on [this line](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L127>) by calling m_animator->calculateAnimatedValue(..., m_animatedType). Here, there is a mismatch between the m_animator (type B) and m_animatedType (type A). However, because the mismatch wouldn\u2019t normally occur, the animator won\u2019t check the type of the argument (there might be some debug asserts but nothing in the release) and will attempt to write the calculated animated value of type B into the SVGAnimatedType with type A.\n\n** \n**\n\n 11. After the animated value has been computed, it is read out as string and set to the corresponding CSS property. This happens [here](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/svg/SVGAnimateElementBase.cpp#L355>).\n\n** \n**\n\nThe actual type confusion only happens in step 10: there, we will write to the SVGAnimatedType of type A as if it actually was type B. The rest of the interactions with m_animatedType are not dangerous since they are simply getting and setting the value as string, an operation that is safe to do regardless of the actual type.\n\n** \n**\n\nNote that, although the <animate> element supports animating XML properties as well as CSS properties, we can only do the above dance with CSS properties as the code for handling XML properties is different. The list of CSS properties we can work with can be found [here](<https://github.com/WebKit/webkit/blob/ea3eb58d4e882f65265d8ce75a57a807a37b78f2/Source/WebCore/svg/SVGElement.cpp#L171>).\n\n** \n**\n\nSo, how do we exploit this type confusion for an infoleak? The initial idea was to exploit with A = <some numeric type> and B = String. This way, when the type confusion on write occurs, a string pointer is written over a number and then we would be able to read it in step 11 above. But there is a problem with this (as well as with a large number of type combinations): The value read in step 11 must be a valid CSS property value in the context of the current animated property, otherwise it won\u2019t be set correctly and we would not be able to read it out. For example, we were unable to find a string CSS property (from the list above) that would accept a value like 1.4e-45 or similar.\n\n** \n**\n\nA more promising approach, due to limitations of step 11, would be to replace a numeric type with another numeric type. We had some success with A = FloatRect and B = SVGLengthListValues, which is a vector of SVGLengthValue values. Like above, this results in a vector pointer being written over FloatRect type. This sometimes leads to successfully disclosing a heap address. Why sometimes? Because the only CSS property with type SVGLengthListValues we can use is stroke-dasharray, and stroke-dasharray accepts only positive values. Thus, if lower 32-bits of the heap address we want to disclose look like a negative floating point number (i.e. the highest bit is set), then we would not be able to disclose that address. This problem can be overcome by spraying the heap with 2GB of data so that the lower 32-bits of heap addresses start becoming positive. But, since we need heap spraying anyway, there is another approach we can take.\n\n** \n**\n\nThe approach we actually ended up using is with A = SVGLengthListValues (stroke-dasharray CSS property) and B = float (stroke-miterlimit CSS property). What this type confusion does, is overwrites the lowest 32 bits of a SVGLengthValue vector with a floating point number.\n\n** \n**\n\nBefore we trigger this type confusion we need to spray the heap with approximately 4GB of data (doable on modern computers), which gives us a good probability that when we change an original heap address 0x000000XXXXXXXXXX to 0x000000XXYYYYYYYY, the resulting address is still going to be a valid heap address, especially if YYYYYYYY is high. This way, we can disclose not-quite-arbitrary data at 0x000000XX00000000 + arbitrary offset.\n\n** \n**\n\nWhy not-quite-arbitrary? Because there are still some limitations:\n\n** \n**\n\n 1. As stroke-miterlimit must be positive, once again we can only disclose data from the heap interpretable as a 32-bit float.\n\n** \n**\n\n 2. SVGLengthValue is a type which consists of a 32-bit float followed by an enumeration that describes the units used. When a SVGLengthValue is read out as string in step 11 above, if the unit value is valid, it will be appended to the number (e.g. \u2018100px\u2019). If we attempt to set a string like that to the stroke-miterlimit property it will fail. Thus, the next byte after the heap value we want to read must interpret as invalid unit (in which case the unit is not appended when reading out SVGLengthValue as string).\n\n** \n**\n\nNote that both of these limitations can often be worked around by doing non-aligned reads.\n\n** \n**\n\nNow that we have our more-or-less usable read, what do we read out? As the whole point is to defeat ASLR, we should read a pointer to an executable module. Often in exploitation, one would do that by reading out the vtable pointer of some object on the heap. However, on MacOS it appears that vtable pointers point to a separate memory region than the one containing executable code of the corresponding module. So instead of reading out a vtable pointer, we need to read a function pointer instead.\n\n** \n**\n\nWhat we ended up doing is using VTTRegion objects in our heap spray. A VTTRegion object contains a [Timer](<https://github.com/WebKit/webkit/blob/89c28d471fae35f1788a0f857067896a10af8974/Source/WebCore/html/track/VTTRegion.h#L153>) which contains a pointer to Function object which (in this case) contains a function pointer to VTTRegion::scrollTimerFired(). Thus, we can spray with VTTRegion objects (which takes about 10 seconds on a quite not-state-of-the-art Mac Mini) and then scan the resulting memory for a function pointer.\n\n** \n**\n\nThis gives us the ASLR bypass, but one other thing useful to have for the next phase is the address of the payload (ROP chain and shellcode). We disclose it by the following steps:\n\n** \n**\n\n 1. Find a VTTRegion object in the heap spray.\n\n** \n**\n\n 2. By setting the VTTRegion.height property during the heap spray to an index in the spray array, we can identify exactly which of the millions of VTTRegion objects we just read.\n\n** \n**\n\n 3. Set the VTTRegion.id property of the VTTRegion object to the payload.\n\n** \n**\n\n 4. Read out the VTTRegion.id pointer.\n\n** \n**\n\nWe are now ready for triggering the vulnerability a second time, this time for code exec. This time, it is the classic use-after-free exploitation scenario: we overwrite the freed SVGAnimatedTypeAnimator object with the data we control.\n\n** \n**\n\nAs Apple recently introduced [gigacage](<https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/>) (a separate large region of memory) for a lot of attacker-controlled datatypes (strings, arrays, etc.) this is no longer trivial. However, one thing still allocated on the main heap is Vector content. By finding a vector whose content we fully control, we can overcome the heap limitations.\n\n** \n**\n\nWhat I ended up using is a [temporary vector](<https://github.com/WebKit/webkit/blob/dad62415730c8df3cbbe654eb15f0585e74af04c/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h#L229>) used when TypedArray.set() is called to copy values from one JavaScript typed array into another typed array. This vector is temporary, meaning it will be deleted immediately after use, but again, due to how memory allocation works in webkit it is not too horrible. Like other stability improvements, the task of finding a more permanent controllable allocation is left to the exercise of the reader. :-)\n\n** \n**\n\nThis time, in the JavaScript event handler, we can replace the freed SVGAnimatedTypeAnimator with a vector whose first 8 bytes are set to point to the ROP chain + shellcode payload.\n\n** \n**\n\nThe ROP chain is pretty straightforward, but one thing that is perhaps more interesting is the stack pivot gadget (or, in this case, gadgets) used. In the scenario we have, the virtual function on the freed object is called as\n\n** \n**\n\ncall qword ptr [rax+10h]\n\n** \n**\n\nwhere rax points to our payload. Additionally, rsi points to the freed object (that we now also control). The first thing we want to do for ROP is control the stack, but I was unable to find any \u201cclassic\u201d gadgets that accomplish this such as\n\n** \n**\n\nmov rsp, rax; ret;\n\npush rax; pop rsp; ret;\n\nxchg rax, rsp; ret;\n\n** \n**\n\nWhat I ended up doing is breaking the stack pivot into two gadgets:\n\n** \n**\n\npush rax; mov rax, [rsi], call [rax + offset];\n\n** \n**\n\nThis first gadget pushes the payload address on the stack and is very common because, after all, that\u2019s exactly how the original virtual function was called (apart from push rax that can be an epilogue of some other instruction). The second gadget can then be\n\n** \n**\n\npop whatever; pop rsp; ret;\n\n** \n**\n\nwhere the first pop pops the return address from the stack and the second pop finally gets the controlled value into rsp. This gadget is less common, but still appears to be way more common than the stack pivot mentioned previously, at least in our binary.\n\n** \n**\n\nThe final ROP chain is (remember to start reading from offset 0x10):\n\n** \n**\n\n[address of pop; pop; pop; ret]\n\n0\n\n[address of push rax; mov rax, [rsi], call [rax+0x28]];\n\n0\n\n[address of pop; ret]\n\n[address of pop rbp; pop rsp; ret;]\n\n[address of pop rdi; ret]\n\n0\n\n[address of pop rsi; ret]\n\nshellcode length\n\n[address of pop rdx; ret]\n\nPROT_EXEC + PROT_READ + PROT_WRITE\n\n[address of pop rcx; ret]\n\nMAP_ANON + MAP_PRIVATE\n\n[address of pop r8; pop rbp; ret]\n\n-1\n\n0\n\n[address of pop r9; ret]\n\n0\n\n[address of mmap]\n\n[address of push rax; pop rdi; ret]\n\n[address of push rsp; pop rbp; ret]\n\n[address of push rbp; pop rax; ret]\n\n[address of add rax, 0x50; pop rbp; ret]\n\n0\n\n[address of push rax; pop rsi; pop rbp; ret]\n\n0\n\n[address of pop rdx; ret]\n\nshellcode length\n\n[address of memcpy]\n\n[address of jmp rax;]\n\n0\n\nshellcode\n\n** \n**\n\nThe ROP chain calls\n\n** \n**\n\nmmap(0, shellcode_length, PROT_EXEC | PROT_READ | PROT_WRITE, MAP_ANON + MAP_PRIVATE, -1, 0)\n\n** \n**\n\nThen calculates the shellcode address and copies it to the address returned by mmap(), after which the shellcode is called.\n\n** \n**\n\nIn our case, the shellcode is just a sequence of \u2018int 3\u2019 instructions and when reaching it, Safari \n\nwill crash. If a debugger is attached, we can see that the shellcode was successfully reached as it will detect a breakpoint:\n\n** \n**\n\nProcess 5833 stopped\n\n* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=EXC_I386_BPT, subcode=0x0)\n\nframe #0: 0x00000001b1b83001\n\n-> 0x1b1b83001: int3 \n\n0x1b1b83002: int3 \n\n0x1b1b83003: int3 \n\n0x1b1b83004: int3 \n\nTarget 0: (com.apple.WebKit.WebContent) stopped.\n\n** \n**\n\nIn the real-world scenario the shellcode could either be a second-stage exploit to break out of the Safari sandbox or, alternately, a payload that would turn the issue into an universal XSS, stealing cross-domain data.\n\n** \n**\n\nThe exploit was successfully tested on Mac OS 10.13.6 (build version 17G65). If you are still using this version, you might want to update. The full exploit can be seen [here](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1596#c3>).\n\n** \n**\n\nThe impact of recent iOS mitigations\n\n** \n**\n\nAn interesting aspect of this exploit is that, on Safari for Mac OS it could be written in a very \u201cold-school\u201d way (infoleak + ROP) due to lack of control flow mitigations on the platform.\n\n** \n**\n\nOn the latest mobile hardware and in iOS 12, which was published after the exploit was already written, Apple [introduced](<https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf>) control flow mitigations by using Pointer Authentication Codes (PAC). While there are no plans to write another version of the exploit at this time, it is interesting to discuss how the exploit could be modified not to be affected by the recent mitigations.\n\n** \n**\n\nThe exploit, as presented here, consists of two parts: infoleak and getting code execution. PAC would not affect the infoleak part in any way, however it would prevent jumping to the ROP chain in the second part of the exploit, because we could not forge a correct signature for the vtable pointer.\n\n** \n**\n\nInstead of jumping to the ROP code, the next stage of the exploit would likely need to be getting an arbitrary read-write primitive. This could potentially be accomplished by exploiting a similar type confusion that was used for the infoleak, but with a different object combination. I did notice that there are some type combinations that could result in a write (especially if the attacker already has an infoleak), but I didn\u2019t investigate those in detail.\n\n** \n**\n\nIn the Webkit process, after the attacker has an arbitrary read-write primitive, they could find a way to overwrite JIT code (or, failing that, other data that would cause fully or partially controlled JIT code to be emitted) and achieve code execution that way.\n\n** \n**\n\nSo while the exploit could still be written, admittedly it would be somewhat more difficult to write.\n\n** \n**\n\nOn publishing the advisories\n\n** \n**\n\nBefore concluding this blog post, we want to draw some attention to how the patches for the issues listed in the blog post were announced and to the corresponding timeline. The issues were reported to Apple between June 15 and July 2nd, 2018. On September 17th 2018, Apple [published](<https://support.apple.com/en-us/HT201222>) security advisories for iOS 12, tvOS 12 and Safari 12 which fixed all of the issues. However, although the bugs were fixed at that time, the corresponding advisories did not initially mention them. The issues described in the blog post were only added to the advisories one week later, on September 24, 2018, when the security advisories for macOS Mojave 10.14 were also published.\n\n** \n**\n\nTo demonstrate the discrepancy between originally published advisories and the updated advisories, compare the archived version of Safari 12 advisories from September 18 [here](<https://web.archive.org/web/20180918154013/https://support.apple.com/en-us/HT209109>) and the current version of the same advisories [here](<https://support.apple.com/en-us/HT209109>) (note that you might need to refresh the page if you still have the old version in your browser\u2019s cache).\n\n** \n**\n\nThe original advisories most likely didn\u2019t include all the issues because Apple wanted to wait for the issues to also be fixed on MacOS before adding them. However, this practice is misleading because customers interested in the Apple security advisories would most likely read them only once, when they are first released and the impression they would to get is that the product updates fix far less vulnerabilities and less severe vulnerabilities than is actually the case.\n\n** \n**\n\nFurthermore, the practice of not publishing fixes for mobile or desktop operating systems at the same time can put the desktop customers at unnecessary risk, because attackers could reverse-engineer the patches from the mobile updates and develop exploits against desktop products, while the desktop customers would have no way to update and protect themselves.\n\n** \n**\n\nConclusion\n\n** \n**\n\nWhile there were clearly improvements in WebKit DOM when tested with Domato, the now public fuzzer was still able to find a large number of interesting bugs in a non-overly-prohibitive number of iterations. And if a public tool was able to find that many bugs, it is expected that private ones might be even more successful.\n\n** \n**\n\nAnd while it is easy to brush away such bugs as something we haven\u2019t seen actual attackers use, that doesn\u2019t mean it\u2019s not happening or that it couldn\u2019t happen, as the provided exploit demonstrates. The exploit doesn\u2019t include a sandbox escape so it can\u2019t be considered a full chain, however [reports from other security researchers](<http://blog.ret2.io/2018/07/25/pwn2own-2018-safari-sandbox/>) indicate that this other aspect of browser security, too, cracks under fuzzing (Note from Apple Security: this sandbox escape relies on attacking the WindowServer, access to which has been removed from the sandbox in Safari 12 on macOS Mojave 10.14). Additionally, a DOM exploit could be used to steal cross-domain data such as cookies even without a sandbox escape.\n\n \n\n\nThe fuzzing results might indicate that WebKit is getting fuzzed, but perhaps not with sufficient computing power to find all fuzzable, newly introduced bugs before they make it into the release version of the browser. We are hoping that this research will lead to improved user security by providing an incentive for Apple to allocate more resources into this area of browser security.\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-04T00:00:00", "type": "googleprojectzero", "title": "\n365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools\n", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4197", "CVE-2018-4306", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4323", "CVE-2018-4328"], "modified": "2018-10-04T00:00:00", "id": "GOOGLEPROJECTZERO:3CA4D30640364D41657F0CD0BDC069DE", "href": "https://googleprojectzero.blogspot.com/2018/10/365-days-later-finding-and-exploiting.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2021-11-10T17:00:20", "description": "# About the security content of iCloud for Windows 7.7\n\nThis document describes the security content of iCloud for Windows 7.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iCloud for Windows 7.7\n\nReleased October 8, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-08T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.7", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4474"], "modified": "2018-10-08T00:00:00", "id": "APPLE:DAAD09F066E4072297938AF9D44AFD8C", "href": "https://support.apple.com/kb/HT209141", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:19", "description": "# About the security content of Safari 12\n\nThis document describes the security content of Safari 12.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Safari 12\n\nReleased September 17, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\nEntry updated September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-17T00:00:00", "type": "apple", "title": "About the security content of Safari 12", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4195", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4474"], "modified": "2018-09-17T00:00:00", "id": "APPLE:AB25A7A64582170A3171E4E960BCF621", "href": "https://support.apple.com/kb/HT209109", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-28T19:31:50", "description": "# About the security content of iTunes 12.9 for Windows\n\nThis document describes the security content of iTunes 12.9 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iTunes 12.9 for Windows\n\nReleased September 12, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vulcan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 22, 2020\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-12T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.9 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4474"], "modified": "2018-09-12T00:00:00", "id": "APPLE:B349435C870C5C95E8A00FFC3E3E648E", "href": "https://support.apple.com/kb/HT209140", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:56", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Safari 12\n\nReleased September 17, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\nEntry updated September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-23T08:10:26", "title": "About the security content of Safari 12 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4307", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4360", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4329", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359", "CVE-2018-4195"], "modified": "2019-01-23T08:10:26", "id": "APPLE:HT209109", "href": "https://support.apple.com/kb/HT209109", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:41:26", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iCloud for Windows 7.7\n\nReleased October 8, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-23T08:20:11", "title": "About the security content of iCloud for Windows 7.7 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4360", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4412", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359", "CVE-2018-4126"], "modified": "2019-01-23T08:20:11", "id": "APPLE:HT209141", "href": "https://support.apple.com/kb/HT209141", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:10", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iTunes 12.9 for Windows\n\nReleased September 12, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vulcan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-10-22T03:26:11", "title": "About the security content of iTunes 12.9 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4360", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4412", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359", "CVE-2018-4126"], "modified": "2020-10-22T03:26:11", "id": "APPLE:HT209140", "href": "https://support.apple.com/kb/HT209140", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:50", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iCloud for Windows 7.6\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4269: Abraham Masri (@cheesecakeufo)\n\nEntry added October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-24T04:48:23", "title": "About the security content of iCloud for Windows 7.6 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4269", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2018-10-24T04:48:23", "id": "APPLE:HT208932", "href": "https://support.apple.com/kb/HT208932", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:30", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iTunes 12.8 for Windows\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated August 1, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-01T04:33:04", "title": "About the security content of iTunes 12.8 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4145", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2019-08-01T04:33:04", "id": "APPLE:HT208933", "href": "https://support.apple.com/kb/HT208933", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:21", "description": "# About the security content of iTunes 12.8 for Windows\n\nThis document describes the security content of iTunes 12.8 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iTunes 12.8 for Windows\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated August 1, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4145: found by OSS-Fuzz\n\nEntry added October 18, 2018\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 01, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.8 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4145", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2018-07-09T00:00:00", "id": "APPLE:80F205F5E8A723A8899FE7CE7D761778", "href": "https://support.apple.com/kb/HT208933", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:22", "description": "# About the security content of iCloud for Windows 7.6\n\nThis document describes the security content of iCloud for Windows 7.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iCloud for Windows 7.6\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4269: Abraham Masri (@cheesecakeufo)\n\nEntry added October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 24, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.6", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4269", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2018-07-09T00:00:00", "id": "APPLE:D17905765727DBA1F818A539B231771B", "href": "https://support.apple.com/kb/HT208932", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:16", "description": "# About the security content of Safari 12.0.1\n\nThis document describes the security content of Safari 12.0.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Safari 12.0.1\n\nReleased October 30, 2018\n\n**Safari Reader**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\nEntry added January 22, 2019\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 03, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "apple", "title": "About the security content of Safari 12.0.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4409", "CVE-2018-4416"], "modified": "2018-10-30T00:00:00", "id": "APPLE:C4141CDD7926D4083DD6196FC2A479C0", "href": "https://support.apple.com/kb/HT209196", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:41:55", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Safari 12.0.1\n\nReleased October 30, 2018\n\n**Safari Reader**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\nEntry added January 22, 2019\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-03T09:46:00", "title": "About the security content of Safari 12.0.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4409", "CVE-2018-4382", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4378", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4386"], "modified": "2019-04-03T09:46:00", "id": "APPLE:HT209196", "href": "https://support.apple.com/kb/HT209196", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:28", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Safari 11.1.2\n\nReleased July 9, 2018\n\n**Safari**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4279: Ruilin Yang, Xu Taoyu (xia0yu.win)\n\nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\nEntry updated October 30, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 30, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4274: Tomasz Bojarski\n\nEntry updated October 30, 2018\n\n**WebKit Page Loading**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T06:50:39", "title": "About the security content of Safari 11.1.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4362", "CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4271", "CVE-2018-4279", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4274", "CVE-2018-4284", "CVE-2018-4260", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2018-10-30T06:50:39", "id": "APPLE:HT208934", "href": "https://support.apple.com/kb/HT208934", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:22", "description": "# About the security content of Safari 11.1.2\n\nThis document describes the security content of Safari 11.1.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Safari 11.1.2\n\nReleased July 9, 2018\n\n**Safari**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4279: Ruilin Yang, Xu Taoyu (xia0yu.win)\n\nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\nEntry updated October 30, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 30, 2018\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4274: Tomasz Bojarski\n\nEntry updated October 30, 2018\n\n**WebKit Page Loading**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.6\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 30, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "apple", "title": "About the security content of Safari 11.1.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4260", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4274", "CVE-2018-4278", "CVE-2018-4279", "CVE-2018-4284", "CVE-2018-4362"], "modified": "2018-07-09T00:00:00", "id": "APPLE:7DF25A6F86C7BE97C428879F39374B4D", "href": "https://support.apple.com/kb/HT208934", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:16", "description": "# About the security content of iCloud for Windows 7.8\n\nThis document describes the security content of iCloud for Windows 7.8.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iCloud for Windows 7.8\n\nReleased October 30, 2018\n\n**CoreCrypto**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated December 18, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 03, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.8", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4398", "CVE-2018-4409", "CVE-2018-4416"], "modified": "2018-10-30T00:00:00", "id": "APPLE:77097C057D2AD63B16D78754E8FA3E5D", "href": "https://support.apple.com/kb/HT209198", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:59", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iCloud for Windows 7.8\n\nReleased October 30, 2018\n\n**CoreCrypto**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated December 18, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-03T09:46:51", "title": "About the security content of iCloud for Windows 7.8 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4409", "CVE-2018-4398", "CVE-2018-4382", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4378", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4386"], "modified": "2019-04-03T09:46:51", "id": "APPLE:HT209198", "href": "https://support.apple.com/kb/HT209198", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:07", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## tvOS 11.4.1\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4269: Abraham Masri (@cheesecakeufo)\n\nEntry added October 2, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2018-4282: Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin \"slashd\" Shilnenkov\n\nEntry updated November 16, 2018\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4280: Brandon Azad\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4248: Brandon Azad\n\n**LinkPresentation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Kernel**\n\nWe would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T01:10:16", "title": "About the security content of tvOS 11.4.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4282", "CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4277", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4248", "CVE-2018-4269", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4280", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2018-11-17T01:10:16", "id": "APPLE:HT208936", "href": "https://support.apple.com/kb/HT208936", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:24", "description": "# About the security content of tvOS 11.4.1\n\nThis document describes the security content of tvOS 11.4.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## tvOS 11.4.1\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4269: Abraham Masri (@cheesecakeufo)\n\nEntry added October 2, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2018-4282: Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin \"slashd\" Shilnenkov\n\nEntry updated November 16, 2018\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4280: Brandon Azad\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4248: Brandon Azad\n\n**LinkPresentation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 2, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Kernel**\n\nWe would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "apple", "title": "About the security content of tvOS 11.4.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4248", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4269", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4277", "CVE-2018-4278", "CVE-2018-4280", "CVE-2018-4282", "CVE-2018-4284", "CVE-2018-4293"], "modified": "2018-07-09T00:00:00", "id": "APPLE:F52BBE9E38D36E50FE361A61D2A33D59", "href": "https://support.apple.com/kb/HT208936", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:20", "description": "# About the security content of iTunes 12.9.1 for Windows\n\nThis document describes the security content of iTunes 12.9.1 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iTunes 12.9.1 for Windows\n\nReleased October 30, 2018\n\n**CoreCrypto**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**ICU**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated December 18, 2018\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated December 18, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 03, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.9.1 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4409", "CVE-2018-4416"], "modified": "2018-10-30T00:00:00", "id": "APPLE:4FFA75364DF223AAC40258980F223476", "href": "https://support.apple.com/kb/HT209197", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:12", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iTunes 12.9.1 for Windows\n\nReleased October 30, 2018\n\n**CoreCrypto**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**ICU**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated December 18, 2018\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: Windows 7 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated December 18, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-03T09:47:07", "title": "About the security content of iTunes 12.9.1 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4409", "CVE-2018-4398", "CVE-2018-4382", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4378", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4394", "CVE-2018-4386"], "modified": "2019-04-03T09:47:07", "id": "APPLE:HT209197", "href": "https://support.apple.com/kb/HT209197", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-31T03:30:32", "description": "# About the security content of iOS 11.4.1\n\nThis document describes the security content of iOS 11.4.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iOS 11.4.1\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**Core Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4327: Apple\n\nEntry added August 8, 2018\n\n**Emoji**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing an emoji under certain configurations may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4290: Patrick Wardle of Digita Security\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2018-4282: Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin \"slashd\" Shilnenkov\n\nEntry updated November 16, 2018\n\n**libxpc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4280: Brandon Azad\n\n**libxpc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4248: Brandon Azad\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Phone**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to bypass the call confirmation prompt\n\nDescription: A logic issue existed in the handling of call URLs. This issue was addressed with improved state management.\n\nCVE-2018-4216: Abraham Masri (@cheesecakeufo)\n\nEntry added October 18, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4274: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4275: Brandon Azad\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Kernel**\n\nWe would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "apple", "title": "About the security content of iOS 11.4.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4216", "CVE-2018-4248", "CVE-2018-4260", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4274", "CVE-2018-4275", "CVE-2018-4277", "CVE-2018-4278", "CVE-2018-4280", "CVE-2018-4282", "CVE-2018-4284", "CVE-2018-4290", "CVE-2018-4293", "CVE-2018-4327"], "modified": "2018-07-09T00:00:00", "id": "APPLE:8CB247B18F47EA0CF69B5669B06D8473", "href": "https://support.apple.com/kb/HT208938", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:42", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iOS 11.4.1\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**Core Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4327: Apple\n\nEntry added August 8, 2018\n\n**Emoji**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing an emoji under certain configurations may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4290: Patrick Wardle of Digita Security\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2018-4282: Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin \"slashd\" Shilnenkov\n\nEntry updated November 16, 2018\n\n**libxpc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4280: Brandon Azad\n\n**libxpc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4248: Brandon Azad\n\n**LinkPresentation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Phone**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to bypass the call confirmation prompt\n\nDescription: A logic issue existed in the handling of call URLs. This issue was addressed with improved state management.\n\nCVE-2018-4216: Abraham Masri (@cheesecakeufo)\n\nEntry added October 18, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate audio data cross-origin\n\nDescription: Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.\n\nCVE-2018-4278: Jun Kokatsu (@shhnjk)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4274: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4261: Omair working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4263: Arayz working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4265: cc working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4267: Arayz of Pangu team working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n**WebKit Page Loading**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4275: Brandon Azad\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Kernel**\n\nWe would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T12:38:42", "title": "About the security content of iOS 11.4.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4327", "CVE-2018-4275", "CVE-2018-4282", "CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4261", "CVE-2018-4277", "CVE-2018-4290", "CVE-2018-4267", "CVE-2018-4273", "CVE-2018-4248", "CVE-2018-4271", "CVE-2018-4278", "CVE-2018-4263", "CVE-2018-4274", "CVE-2018-4216", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4280", "CVE-2018-4260", "CVE-2018-4265", "CVE-2018-4262"], "modified": "2018-11-17T12:38:42", "id": "APPLE:HT208938", "href": "https://support.apple.com/kb/HT208938", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:22", "description": "# About the security content of watchOS 4.3.2\n\nThis document describes the security content of watchOS 4.3.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## watchOS 4.3.2\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: All Apple Watch models\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4269: Abraham Masri (@cheesecakeufo)\n\nEntry added October 2, 2018\n\n**Emoji**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing an emoji under certain configurations may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4290: Patrick Wardle of Digita Security\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2018-4282: Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin \"slashd\" Shilnenkov\n\nEntry updated November 16, 2018\n\n**libxpc**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4280: Brandon Azad\n\n**libxpc**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4248: Brandon Azad\n\n**LinkPresentation**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Kernel**\n\nWe would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 17, 2018\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-09T00:00:00", "type": "apple", "title": "About the security content of watchOS 4.3.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4248", "CVE-2018-4262", "CVE-2018-4264", "CVE-2018-4266", "CVE-2018-4269", "CVE-2018-4270", "CVE-2018-4271", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4277", "CVE-2018-4280", "CVE-2018-4282", "CVE-2018-4284", "CVE-2018-4290", "CVE-2018-4293"], "modified": "2018-07-09T00:00:00", "id": "APPLE:F907B2739AEB3011F5D0E50C8CB626CC", "href": "https://support.apple.com/kb/HT208935", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:44:36", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## watchOS 4.3.2\n\nReleased July 9, 2018\n\n**CFNetwork**\n\nAvailable for: All Apple Watch models\n\nImpact: Cookies may unexpectedly persist in Safari\n\nDescription: A cookie management issue was addressed with improved checks.\n\nCVE-2018-4293: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4269: Abraham Masri (@cheesecakeufo)\n\nEntry added October 2, 2018\n\n**Emoji**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing an emoji under certain configurations may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved memory handling.\n\nCVE-2018-4290: Patrick Wardle of Digita Security\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2018-4282: Adam Donenfeld (@doadam) of the Zimperium zLabs Team, Proteas of Qihoo 360 Nirvan Team, Valentin \"slashd\" Shilnenkov\n\nEntry updated November 16, 2018\n\n**libxpc**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4280: Brandon Azad\n\n**libxpc**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4248: Brandon Azad\n\n**LinkPresentation**\n\nAvailable for: All Apple Watch models\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4270: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2018-4284: found by OSS-Fuzz\n\nEntry updated October 2, 2018\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A race condition was addressed with additional validation.\n\nCVE-2018-4266: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4262: Mateusz Krzywicki working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4264: found by OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab\n\nCVE-2018-4272: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2018-4271: found by OSS-Fuzz\n\nCVE-2018-4273: found by OSS-Fuzz\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Kernel**\n\nWe would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-17T01:10:04", "title": "About the security content of watchOS 4.3.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4282", "CVE-2018-4270", "CVE-2018-4266", "CVE-2018-4272", "CVE-2018-4264", "CVE-2018-4277", "CVE-2018-4290", "CVE-2018-4273", "CVE-2018-4248", "CVE-2018-4269", "CVE-2018-4271", "CVE-2018-4284", "CVE-2018-4293", "CVE-2018-4280", "CVE-2018-4262"], "modified": "2018-11-17T01:10:04", "id": "APPLE:HT208935", "href": "https://support.apple.com/kb/HT208935", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "# About the security content of watchOS 5.1\n\nThis document describes the security content of watchOS 5.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## watchOS 5.1\n\nReleased October 30, 2018\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\n****CVE-2018-4384: Natalie Silvanovich of Google Project Zero\n\n**CoreCrypto**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**ICU**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IPSec**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**NetworkExtension**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**Safari Reader**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 27, 2020\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "apple", "title": "About the security content of watchOS 5.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4382", "CVE-2018-4384", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4400", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420"], "modified": "2018-10-30T00:00:00", "id": "APPLE:96590006FAF6A64CD43D6AC6A40145E8", "href": "https://support.apple.com/kb/HT209195", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:23", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## watchOS 5.1\n\nReleased October 30, 2018\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\n****CVE-2018-4384: Natalie Silvanovich of Google Project Zero\n\n**CoreCrypto**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**ICU**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IPSec**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**NetworkExtension**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**Safari Reader**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added April 3, 2019\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-27T08:13:56", "title": "About the security content of watchOS 5.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4368", "CVE-2018-4400", "CVE-2018-4384", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4369", "CVE-2018-4413", "CVE-2018-4420", "CVE-2018-4419", "CVE-2018-4398", "CVE-2018-4382", "CVE-2018-4371", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4394", "CVE-2018-4386"], "modified": "2020-07-27T08:13:56", "id": "APPLE:HT209195", "href": "https://support.apple.com/kb/HT209195", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:20", "description": "# About the security content of tvOS 12\n\nThis document describes the security content of tvOS 12.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## tvOS 12\n\nReleased September 17, 2018\n\n**Auto Unlock**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**dyld**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry added January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated August 1, 2019\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 24, 2018\n\n**IOUserEthernet**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Safari**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Symptom Framework**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added October 24, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 01, 2019\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-17T00:00:00", "type": "apple", "title": "About the security content of tvOS 12", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1777", "CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4203", "CVE-2018-4299", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4313", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4321", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4354", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4363", "CVE-2018-4383", "CVE-2018-4395", "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4407", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4425", "CVE-2018-4426", "CVE-2018-4433", "CVE-2018-4474", "CVE-2018-5383"], "modified": "2018-09-17T00:00:00", "id": "APPLE:95BC210DA5C57E5032BDB392962096A3", "href": "https://support.apple.com/kb/HT209107", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:38", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## tvOS 12\n\nReleased September 17, 2018\n\n**Auto Unlock**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**dyld**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry added January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated August 1, 2019\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 24, 2018\n\n**IOUserEthernet**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Safari**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Symptom Framework**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added October 24, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-01T04:44:27", "title": "About the security content of tvOS 12 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4383", "CVE-2018-4321", "CVE-2018-4425", "CVE-2018-4354", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4399", "CVE-2018-4305", "CVE-2018-4323", "CVE-2018-4433", "CVE-2018-4337", "CVE-2018-4407", "CVE-2018-4360", "CVE-2018-4336", "CVE-2018-4345", "CVE-2018-4304", "CVE-2018-4340", "CVE-2018-4299", "CVE-2018-4395", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2016-1777", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4401", "CVE-2018-4343", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4363", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4203", "CVE-2018-4426", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4313", "CVE-2018-4309", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-5383", "CVE-2018-4359", "CVE-2018-4341", "CVE-2018-4344", "CVE-2018-4126"], "modified": "2019-08-01T04:44:27", "id": "APPLE:HT209107", "href": "https://support.apple.com/kb/HT209107", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-25T11:32:28", "description": "# About the security content of tvOS 12.1\n\nThis document describes the security content of tvOS 12.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## tvOS 12.1\n\nReleased October 30, 2018\n\n**CoreCrypto**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**ICU**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IPSec**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**NetworkExtension**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**WiFi**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "apple", "title": "About the security content of tvOS 12.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420"], "modified": "2018-10-30T00:00:00", "id": "APPLE:73540310153AD01F113FB2799B0DF642", "href": "https://support.apple.com/kb/HT209194", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:24", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## tvOS 12.1\n\nReleased October 30, 2018\n\n**CoreCrypto**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**ICU**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IPSec**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**NetworkExtension**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**WiFi**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-23T08:37:05", "title": "About the security content of tvOS 12.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372", "CVE-2018-4368", "CVE-2018-4392", "CVE-2018-4369", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4420", "CVE-2018-4419", "CVE-2018-4398", "CVE-2018-4382", "CVE-2018-4371", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4416", "CVE-2018-4394", "CVE-2018-4386"], "modified": "2019-01-23T08:37:05", "id": "APPLE:HT209194", "href": "https://support.apple.com/kb/HT209194", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:27", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iOS 12\n\nReleased September 17, 2018\n\n**Accounts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local app may be able to read a persistent account identifier\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreMedia**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An app may be able to learn information about the current camera view before being granted camera access\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2018-4356: an anonymous researcher\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 13, 2018\n\n**Crash Reporter**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4333: Brandon Azad\n\nEntry added September 24, 2018\n\n**dyld**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry updated January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**iBooks**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4355: evi1m0 of bilibili security team\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated September 17, 2019\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 30, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4335: Brandon Azad\n\n**IOUserEthernet**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**mDNSOffloadUserClient**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team\n\nEntry added October 30, 2018\n\n**MediaRemote**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs\n\nEntry added October 30, 2018\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted notes\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions.\n\nCVE-2018-4352: Utku Altinkaynak\n\nEntry updated October 30, 2018\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Status Bar**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2018-4325: Brian Adeloye\n\n**Symptom Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 13, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**APFS**\n\nWe would like to acknowledge Umang Raghuvanshi for their assistance.\n\nEntry added December 13, 2018\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**configd**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**CoreSymbolication**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Exchange ActiveSync**\n\nWe would like to acknowledge an anonymous researcher, Jesse Thompson of University of Wisconsin-Madison for their assistance.\n\nEntry updated January 22, 2019\n\n**Feedback Assistant**\n\nWe would like to acknowledge Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Mail**\n\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek \u017b\u00f3\u0142kiewski for their assistance.\n\n**MediaRemote**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Quick Look**\n\nWe would like to acknowledge lokihardt of Google Project Zero for their assistance.\n\nEntry added December 13, 2018\n\n**Safari**\n\nWe would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**Security**\n\nWe would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip Klubi\u010dka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Horatiu Graur of SoftVision, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, an anonymous researcher for their assistance.\n\nEntry updated June 24, 2019\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Status Bar**\n\nWe would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-17T10:55:07", "title": "About the security content of iOS 12 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4383", "CVE-2018-4321", "CVE-2018-4425", "CVE-2018-4354", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4307", "CVE-2018-4399", "CVE-2018-4305", "CVE-2018-4323", "CVE-2018-4433", "CVE-2018-4319", "CVE-2018-4337", "CVE-2018-4407", "CVE-2018-4362", "CVE-2018-4360", "CVE-2018-4336", "CVE-2018-4345", "CVE-2018-4304", "CVE-2018-4340", "CVE-2018-4333", "CVE-2018-4299", "CVE-2018-4322", "CVE-2018-4329", "CVE-2018-4395", "CVE-2018-4356", "CVE-2018-4325", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4355", "CVE-2018-4311", "CVE-2016-1777", "CVE-2018-4310", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4401", "CVE-2018-4343", "CVE-2018-4314", "CVE-2018-4352", "CVE-2018-4316", "CVE-2018-4335", "CVE-2018-4306", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4363", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4203", "CVE-2018-4326", "CVE-2018-4426", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4313", "CVE-2018-4309", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-5383", "CVE-2018-4359", "CVE-2018-4341", "CVE-2018-4344", "CVE-2018-4126"], "modified": "2019-09-17T10:55:07", "id": "APPLE:HT209106", "href": "https://support.apple.com/kb/HT209106", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:23", "description": "# About the security content of iOS 12\n\nThis document describes the security content of iOS 12.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iOS 12\n\nReleased September 17, 2018\n\n**Accounts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local app may be able to read a persistent account identifier\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreMedia**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An app may be able to learn information about the current camera view before being granted camera access\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2018-4356: an anonymous researcher\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 13, 2018\n\n**Crash Reporter**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4333: Brandon Azad\n\nEntry added September 24, 2018\n\n**dyld**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry updated January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**iBooks**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4355: evi1m0 of bilibili security team\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated September 17, 2019\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 30, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4335: Brandon Azad\n\n**IOUserEthernet**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**mDNSOffloadUserClient**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team\n\nEntry added October 30, 2018\n\n**MediaRemote**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs\n\nEntry added October 30, 2018\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted notes\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions.\n\nCVE-2018-4352: Utku Altinkaynak\n\nEntry updated October 30, 2018\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Status Bar**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2018-4325: Brian Adeloye\n\n**Symptom Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 13, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**APFS**\n\nWe would like to acknowledge Umang Raghuvanshi for their assistance.\n\nEntry added December 13, 2018\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**configd**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**CoreSymbolication**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Exchange ActiveSync**\n\nWe would like to acknowledge an anonymous researcher, Jesse Thompson of University of Wisconsin-Madison for their assistance.\n\nEntry updated January 22, 2019\n\n**Feedback Assistant**\n\nWe would like to acknowledge Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Mail**\n\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek \u017b\u00f3\u0142kiewski for their assistance.\n\n**MediaRemote**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Quick Look**\n\nWe would like to acknowledge lokihardt of Google Project Zero for their assistance.\n\nEntry added December 13, 2018\n\n**Safari**\n\nWe would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**Security**\n\nWe would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip Klubi\u010dka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Horatiu Graur of SoftVision, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, an anonymous researcher for their assistance.\n\nEntry updated June 24, 2019\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Status Bar**\n\nWe would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: September 17, 2019\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-09-17T00:00:00", "type": "apple", "title": "About the security content of iOS 12", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1777", "CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4203", "CVE-2018-4299", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4310", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4313", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4321", "CVE-2018-4322", "CVE-2018-4323", "CVE-2018-4325", "CVE-2018-4326", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4333", "CVE-2018-4335", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4352", "CVE-2018-4354", "CVE-2018-4355", "CVE-2018-4356", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4362", "CVE-2018-4363", "CVE-2018-4383", "CVE-2018-4395", "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4407", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4425", "CVE-2018-4426", "CVE-2018-4433", "CVE-2018-4474", "CVE-2018-5383"], "modified": "2018-09-17T00:00:00", "id": "APPLE:E6562A443B7DE882FE6DB7BD64EBE1E5", "href": "https://support.apple.com/kb/HT209106", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-14T04:14:26", "description": "# About the security content of iOS 12.1\n\nThis document describes the security content of iOS 12.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iOS 12.1\n\nReleased October 30, 2018\n\n**AppleAVD**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: natashenka of Google Project Zero\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read a persistent device identifier\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2018-4339: Michael Thomas (@NSBiscuit)\n\nEntry added June 24, 2019\n\n**Contacts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted vcf file may lead to a denial of service\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4365: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4366: natashenka of Google Project Zero\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4367: natashenka of Google Project Zero\n\n**Graphics Driver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: natashenka of Google Project Zero\n\nEntry updated November 16, 2018\n\n**ICU**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4427: Pangu Team\n\n**IPSec**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\n**NetworkExtension**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to share items from the lock screen\n\nDescription: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.\n\nCVE-2018-4388: videosdebarraquito\n\nEntry updated November 16, 2018\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.\n\n**VoiceOver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to view photos from the lock screen\n\nDescription: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.\n\nCVE-2018-4387: videosdebarraquito\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4385: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**WiFi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**CommonCrypto**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Books**\n\nWe would like to acknowledge Sem Voigtl\u00e4nder of Fontys Hogeschool ICT for their assistance.\n\nEntry updated September 17, 2019\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added September 17, 2019\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T00:00:00", "type": "apple", "title": "About the security content of iOS 12.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4339", "CVE-2018-4365", "CVE-2018-4366", "CVE-2018-4367", "CVE-2018-4368", "CVE-2018-4369", "CVE-2018-4371", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4374", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4377", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4382", "CVE-2018-4384", "CVE-2018-4385", "CVE-2018-4386", "CVE-2018-4387", "CVE-2018-4388", "CVE-2018-4390", "CVE-2018-4391", "CVE-2018-4392", "CVE-2018-4394", "CVE-2018-4398", "CVE-2018-4400", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4416", "CVE-2018-4419", "CVE-2018-4420", "CVE-2018-4427"], "modified": "2018-10-30T00:00:00", "id": "APPLE:17C608E2C103690298834FEC459F2960", "href": "https://support.apple.com/kb/HT209192", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:41", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## iOS 12.1\n\nReleased October 30, 2018\n\n**AppleAVD**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: Natalie Silvanovich of Google Project Zero\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read a persistent device identifier\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2018-4339: Michael Thomas (@NSBiscuit)\n\nEntry added June 24, 2019\n\n**Contacts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted vcf file may lead to a denial of service\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4365: an anonymous researcher\n\n**CoreCrypto**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers\n\nDescription: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.\n\nCVE-2018-4398: Martin Albrecht, Jake Massimo and Kenny Paterson of Royal Holloway, University of London, and Juraj Somorovsky of Ruhr University, Bochum\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4366: Natalie Silvanovich of Google Project Zero\n\n**FaceTime**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4367: Natalie Silvanovich of Google Project Zero\n\n**Graphics Driver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4384: Natalie Silvanovich of Google Project Zero\n\nEntry updated November 16, 2018\n\n**ICU**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted string may lead to heap corruption\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4394: Erik Verbruggen of The Qt Company\n\nEntry updated November 16, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4427: Pangu Team\n\n**IPSec**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2018-4371: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2018-4420: Mohamed Ghannam (@_simo36)\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2018-4413: Juwei Lin (@panicaII) of TrendMicro Mobile Security Team\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4419: Mohamed Ghannam (@_simo36)\n\n**Mail**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted message may lead to a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4381: Angel Ramirez\n\nEntry added January 22, 2019\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text message may lead to UI spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\n**NetworkExtension**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Connecting to a VPN server may leak DNS queries to a DNS proxy\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4369: an anonymous researcher\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to share items from the lock screen\n\nDescription: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.\n\nCVE-2018-4388: videosdebarraquito\n\nEntry updated November 16, 2018\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2018-4374: Ryan Pickren (ryanpickren.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4377: Ryan Pickren (ryanpickren.com)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2018-4400: Yukinobu Nagayasu of LAC Co., Ltd.\n\n**VoiceOver**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local attacker may be able to view photos from the lock screen\n\nDescription: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.\n\nCVE-2018-4387: videosdebarraquito\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4385: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4372: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea\n\nCVE-2018-4373: ngg, alippai, DirtYiCE, KT of Tresorit working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2018-4375: Yu Haiwan and Wu Hongjun From Nanyang Technological University working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4376: 010 working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4382: lokihardt of Google Project Zero\n\nCVE-2018-4386: lokihardt of Google Project Zero\n\nCVE-2018-4392: zhunki of 360 ESG Codesafe Team\n\nCVE-2018-4416: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to cause a denial of service\n\nDescription: A resource exhaustion issue was addressed with improved input validation.\n\nCVE-2018-4409: Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4378: HyungSeok Han, DongHyeon Oh, and Sang Kil Cha of KAIST Softsec Lab, Korea, zhunki of 360 ESG Codesafe Team\n\nEntry updated November 16, 2018\n\n**WiFi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4368: Milan Stute and Alex Mariotto of Secure Mobile Networking Lab at Technische Universit\u00e4t Darmstadt\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Certificate Signing**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**CommonCrypto**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**coreTLS**\n\nWe would like to acknowledge Eyal Ronen (Weizmann Institute), Robert Gillham (University of Adelaide), Daniel Genkin (University of Michigan), Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom (University of Adelaide and Data61) for their assistance.\n\nEntry added December 12, 2018\n\n**Books**\n\nWe would like to acknowledge Sem Voigtl\u00e4nder of Fontys Hogeschool ICT for their assistance.\n\nEntry updated September 17, 2019\n\n**Safari Reader**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added September 17, 2019\n\n**Security**\n\nWe would like to acknowledge Marinos Bernitsas of Parachute for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-17T10:50:05", "title": "About the security content of iOS 12.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4390", "CVE-2018-4372", "CVE-2018-4368", "CVE-2018-4400", "CVE-2018-4384", "CVE-2018-4385", "CVE-2018-4392", "CVE-2018-4376", "CVE-2018-4366", "CVE-2018-4365", "CVE-2018-4427", "CVE-2018-4377", "CVE-2018-4369", "CVE-2018-4409", "CVE-2018-4413", "CVE-2018-4420", "CVE-2018-4419", "CVE-2018-4398", "CVE-2018-4382", "CVE-2018-4391", "CVE-2018-4371", "CVE-2018-4375", "CVE-2018-4374", "CVE-2018-4367", "CVE-2018-4378", "CVE-2018-4381", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4394", "CVE-2018-4388", "CVE-2018-4339", "CVE-2018-4386", "CVE-2018-4387"], "modified": "2019-09-17T10:50:05", "id": "APPLE:HT209192", "href": "https://support.apple.com/kb/HT209192", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:46:05", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5,\nSafari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4358", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4358"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4358", "href": "https://ubuntu.com/security/CVE-2018-4358", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:07", "description": "A use after free issue was addressed with improved memory management. This\nissue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9\nfor Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4318", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4318"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4318", "href": "https://ubuntu.com/security/CVE-2018-4318", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:34", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12.1, watchOS 5.1,\nSafari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4373", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4373"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4373", "href": "https://ubuntu.com/security/CVE-2018-4373", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:34", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12.1, tvOS 12.1,\nwatchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4382", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4382"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4382", "href": "https://ubuntu.com/security/CVE-2018-4382", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:34", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12.1, tvOS 12.1,\nwatchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4392", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4392"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4392", "href": "https://ubuntu.com/security/CVE-2018-4392", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:06", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12,\niTunes 12.9 for Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4323", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4323"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4323", "href": "https://ubuntu.com/security/CVE-2018-4323", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:44:59", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12.1, tvOS 12.1,\nwatchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-11-22T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4372", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4372"], "modified": "2018-11-22T00:00:00", "id": "UB:CVE-2018-4372", "href": "https://ubuntu.com/security/CVE-2018-4372", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:06", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12,\niTunes 12.9 for Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4328", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4328"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4328", "href": "https://ubuntu.com/security/CVE-2018-4328", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:33", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12.1, watchOS 5.1,\nSafari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4376", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4376"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4376", "href": "https://ubuntu.com/security/CVE-2018-4376", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:05", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5,\nSafari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4359", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4359"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4359", "href": "https://ubuntu.com/security/CVE-2018-4359", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:33", "description": "A memory corruption issue was addressed with improved validation. This\nissue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari\n12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4378", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4378"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4378", "href": "https://ubuntu.com/security/CVE-2018-4378", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:47:18", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1,\nwatchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows\n7.6.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4264", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4264"], "modified": "2018-08-06T00:00:00", "id": "UB:CVE-2018-4264", "href": "https://ubuntu.com/security/CVE-2018-4264", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:07", "description": "A memory corruption issue was addressed with improved state management.\nThis issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes\n12.9 for Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4316", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4316"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4316", "href": "https://ubuntu.com/security/CVE-2018-4316", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:06", "description": "A use after free issue was addressed with improved memory management. This\nissue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9\nfor Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4315", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4315"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4315", "href": "https://ubuntu.com/security/CVE-2018-4315", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:05", "description": "A cross-origin issue existed with \"iframe\" elements. This was addressed\nwith improved tracking of security origins. This issue affected versions\nprior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for\nWindows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4319", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4319"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4319", "href": "https://ubuntu.com/security/CVE-2018-4319", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-08-04T13:44:59", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12.1, tvOS 12.1,\nwatchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-11-22T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4386", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4386"], "modified": "2018-11-22T00:00:00", "id": "UB:CVE-2018-4386", "href": "https://ubuntu.com/security/CVE-2018-4386", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:08", "description": "A cross-site scripting issue existed in Safari. This issue was addressed\nwith improved URL validation. This issue affected versions prior to iOS 12,\ntvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4309", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4309"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4309", "href": "https://ubuntu.com/security/CVE-2018-4309", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T13:47:18", "description": "A type confusion issue was addressed with improved memory handling. This\nissue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2,\nSafari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4284", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4284"], "modified": "2018-08-06T00:00:00", "id": "UB:CVE-2018-4284", "href": "https://ubuntu.com/security/CVE-2018-4284", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:07", "description": "A use after free issue was addressed with improved memory management. This\nissue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9\nfor Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4306", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4306"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4306", "href": "https://ubuntu.com/security/CVE-2018-4306", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:47:18", "description": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1,\ntvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through\naudio elements may be exfiltrated cross-origin. This issue was addressed\nwith improved audio taint tracking.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4278", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4278"], "modified": "2018-08-06T00:00:00", "id": "UB:CVE-2018-4278", "href": "https://ubuntu.com/security/CVE-2018-4278", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T13:47:19", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1,\nSafari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4265", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4265"], "modified": "2018-08-06T00:00:00", "id": "UB:CVE-2018-4265", "href": "https://ubuntu.com/security/CVE-2018-4265", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:47:18", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1,\nwatchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows\n7.6.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4272", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4272"], "modified": "2018-08-06T00:00:00", "id": "UB:CVE-2018-4272", "href": "https://ubuntu.com/security/CVE-2018-4272", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:34", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 12.1, watchOS 5.1,\nSafari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4375", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4375"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4375", "href": "https://ubuntu.com/security/CVE-2018-4375", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:47:17", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1,\nSafari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4267", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4267"], "modified": "2018-08-06T00:00:00", "id": "UB:CVE-2018-4267", "href": "https://ubuntu.com/security/CVE-2018-4267", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:46:05", "description": "A memory consumption issue was addressed with improved memory handling.\nThis issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari\n12, iTunes 12.9 for Windows, iCloud for Windows 7.7.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4361", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361"], "modified": "2018-09-28T00:00:00", "id": "UB:CVE-2018-4361", "href": "https://ubuntu.com/security/CVE-2018-4361", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:47:18", "description": "Multiple memory corruption issues were addressed with improved input\nvalidation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1,\nwatchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows\n7.6.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4273", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4273"], "modified": "2018-08-06T00:00:00", "id": "UB:CVE-2018-4273", "href": "https://ubuntu.com/security/CVE-2018-4273", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "zdi": [{"lastseen": "2022-01-31T21:45:22", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Arrays. By performing actions in JavaScript, an attacker can trigger access to memory prior to initialization. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": &