Multiple memory corruption issues were addressed with improved memory
handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5,
Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
#### Notes
Author| Note
---|---
[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
{"zdi": [{"lastseen": "2022-01-31T21:45:21", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of proxy calls. The issue lies in the lack of proper validation of an object prior to making a call. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-24T00:00:00", "type": "zdi", "title": "Apple Safari performProxyCall Internal Object Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4299"], "modified": "2018-09-24T00:00:00", "id": "ZDI-18-1081", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1081/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T17:33:59", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "cve", "title": "CVE-2018-4299", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4299"], "modified": "2019-04-04T18:37:00", "cpe": [], "id": "CVE-2018-4299", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4299", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "debiancve": [{"lastseen": "2022-08-10T16:34:40", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "debiancve", "title": "CVE-2018-4299", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4299"], "modified": "2019-04-03T18:29:00", "id": "DEBIANCVE:CVE-2018-4299", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4299", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-17T14:04:26", "description": "This host is running Apple iTunes and is\n prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-04T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities-HT209140", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310814308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities-HT209140 (Windows)\n#\n# Authors:\n# Vidita V Koushik <vidita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes:\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814308\");\n script_version(\"2019-07-05T09:54:18+0000\");\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4311\", \"CVE-2018-4316\", \"CVE-2018-4299\",\n \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\",\n \"CVE-2018-4319\", \"CVE-2018-4309\", \"CVE-2018-4197\", \"CVE-2018-4306\",\n \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4317\",\n \"CVE-2018-4318\", \"CVE-2018-4345\", \"CVE-2018-4361\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:54:18 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 10:51:28 +0530 (Thu, 04 Oct 2018)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities-HT209140\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple iTunes and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption issues.\n\n - A cross-origin issue with iframe elements.\n\n - A cross-site scripting issue in Safari.\n\n - A use after free issue.\n\n - A memory consumption issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct cross site scripting and arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.9 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.9 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-ie/HT209140\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nappVer = infos['version'];\nappPath = infos['location'];\n\nif(version_is_less(version:appVer, test_version:\"12.9\"))\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"12.9\", install_path: appPath);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:13", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-09T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT209141)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT209141)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814073\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4311\", \"CVE-2018-4316\", \"CVE-2018-4299\",\n \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\",\n \"CVE-2018-4319\", \"CVE-2018-4309\", \"CVE-2018-4197\", \"CVE-2018-4306\",\n \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4317\",\n \"CVE-2018-4318\", \"CVE-2018-4345\", \"CVE-2018-4361\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-09 10:19:54 +0530 (Tue, 09 Oct 2018)\");\n script_name(\"Apple iCloud Security Updates(HT209141)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple memory corruption issues.\n\n - Multiple cross-origin issues.\n\n - A use after free issue.\n\n - Multiple cross-site scripting issues related to poor URL validation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote\n attackers to execute arbitrary code, bypass security restrictions and conduct\n cross-site scripting and causes an ASSERT failure.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.7 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.7 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209141\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.7\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.7\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3781-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4207", "CVE-2018-4299", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4208", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3781_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3781-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843650\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 08:26:27 +0200 (Thu, 04 Oct 2018)\");\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\",\n \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\",\n \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\",\n \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\",\n \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\",\n \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3781-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were discovered\nin the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3781-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3781-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.22.2-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.22.2-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:46:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-01-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0081-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4361", "CVE-2018-4437", "CVE-2018-4328", "CVE-2018-4372", "CVE-2018-4358", "CVE-2018-4442", "CVE-2018-4323", "CVE-2018-4165", "CVE-2018-4319", "CVE-2018-4443", "CVE-2018-4392", "CVE-2018-4345", "CVE-2018-4376", "CVE-2018-4207", "CVE-2018-4299", "CVE-2018-4438", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4163", "CVE-2018-4318", "CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4314", "CVE-2018-4382", "CVE-2018-4316", "CVE-2018-4464", "CVE-2018-4306", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4375", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4208", "CVE-2018-4378", "CVE-2018-4441", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4373", "CVE-2018-4416", "CVE-2018-4359", "CVE-2018-4386"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852248", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852248\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\",\n \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\",\n \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\",\n \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\",\n \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\",\n \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\",\n \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\",\n \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\",\n \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\",\n \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\",\n \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-24 04:02:18 +0100 (Thu, 24 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0081-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0081-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00029.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:0081-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\n CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\n CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\n CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\n CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\n CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\n CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\n bsc#1110279)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-81=1\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", rpm:\"typelib-1_0-JavaScriptCore-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-32bit-debuginfo~2.22.5~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:30:31", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/117879", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117879);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4191\",\n \"CVE-2018-4197\",\n \"CVE-2018-4299\",\n \"CVE-2018-4306\",\n \"CVE-2018-4309\",\n \"CVE-2018-4311\",\n \"CVE-2018-4312\",\n \"CVE-2018-4314\",\n \"CVE-2018-4315\",\n \"CVE-2018-4316\",\n \"CVE-2018-4317\",\n \"CVE-2018-4318\",\n \"CVE-2018-4319\",\n \"CVE-2018-4323\",\n \"CVE-2018-4328\",\n \"CVE-2018-4345\",\n \"CVE-2018-4358\",\n \"CVE-2018-4359\",\n \"CVE-2018-4361\"\n );\n\n script_name(english:\"Apple iTunes < 12.9 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4361\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"installed_sw/iTunes DAAP\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\n\napp = 'iTunes DAAP';\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\napp_info = vcf::get_app_info(app:app, port:port);\nif (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');\n\nconstraints = [{'fixed_version':'12.9'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:44", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9.NASL", "href": "https://www.tenable.com/plugins/nessus/117880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117880);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4191\",\n \"CVE-2018-4197\",\n \"CVE-2018-4299\",\n \"CVE-2018-4306\",\n \"CVE-2018-4309\",\n \"CVE-2018-4311\",\n \"CVE-2018-4312\",\n \"CVE-2018-4314\",\n \"CVE-2018-4315\",\n \"CVE-2018-4316\",\n \"CVE-2018-4317\",\n \"CVE-2018-4318\",\n \"CVE-2018-4319\",\n \"CVE-2018-4323\",\n \"CVE-2018-4328\",\n \"CVE-2018-4345\",\n \"CVE-2018-4358\",\n \"CVE-2018-4359\",\n \"CVE-2018-4361\"\n );\n\n script_name(english:\"Apple iTunes < 12.9 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9. It is, therefore, affected by multiple vulnerabilities \nas referenced in the HT209140 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209140\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4361\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.9\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:13", "description": "The version of Apple Safari installed on the remote host is prior to 12. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apple Safari < 12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4311", "CVE-2018-4195", "CVE-2018-4307", "CVE-2018-4360", "CVE-2018-4329"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700505.PRM", "href": "https://www.tenable.com/plugins/nnm/700505", "sourceData": "Binary data 700505.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:31:07", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-09-20T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4195", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI12.NASL", "href": "https://www.tenable.com/plugins/nessus/117617", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117617);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4191\",\n \"CVE-2018-4195\",\n \"CVE-2018-4197\",\n \"CVE-2018-4299\",\n \"CVE-2018-4306\",\n \"CVE-2018-4307\",\n \"CVE-2018-4309\",\n \"CVE-2018-4311\",\n \"CVE-2018-4312\",\n \"CVE-2018-4314\",\n \"CVE-2018-4315\",\n \"CVE-2018-4316\",\n \"CVE-2018-4317\",\n \"CVE-2018-4318\",\n \"CVE-2018-4319\",\n \"CVE-2018-4323\",\n \"CVE-2018-4328\",\n \"CVE-2018-4329\",\n \"CVE-2018-4345\",\n \"CVE-2018-4358\",\n \"CVE-2018-4359\",\n \"CVE-2018-4360\",\n \"CVE-2018-4361\"\n );\n\n script_name(english:\"macOS : Apple Safari < 12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X \nhost is prior to 12. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209109\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4361\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(12|13)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"macOS Sierra 10.12 / macOS High Sierra 10.13\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"12.0.0\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:47", "description": "The remote host is affected by the vulnerability described in GLSA-201812-04 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-03T00:00:00", "type": "nessus", "title": "GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-04-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201812-04.NASL", "href": "https://www.tenable.com/plugins/nessus/119323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201812-04.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119323);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/30 14:30:16\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_xref(name:\"GLSA\", value:\"201812-04\");\n\n script_name(english:\"GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201812-04\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could execute arbitrary commands or cause a Denial of\n Service condition via maliciously crafted web content.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201812-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.22.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.22.0\"), vulnerable:make_list(\"lt 2.22.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:50", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-10-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : webkit2gtk vulnerabilities (USN-3781-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3781-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3781-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117914);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4311\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\");\n script_xref(name:\"USN\", value:\"3781-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : webkit2gtk vulnerabilities (USN-3781-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3781-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.22.2-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.22.2-0ubuntu0.18.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:14:04", "description": "This update for webkit2gtk3 to version 2.22.4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0059-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0059-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0059-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121093);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0059-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\nCVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372,\nCVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\nCVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279,\nbsc#1116998).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4262/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4263/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4266/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4270/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4273/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4284/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4306/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4328/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4416/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190059-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?987bc725\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-59=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-59=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-59=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-59=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-59=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-59=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-2.29.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.4-2.29.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:11:21", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-02-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0092-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0092-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121206);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/10\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0092-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\nCVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\nCVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\nCVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\nCVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\nCVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\nCVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\nCVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\nbsc#1110279)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4162/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4210/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4213/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4299/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4306/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4314/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4315/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4316/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4317/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4319/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4328/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4358/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4359/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4361/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4376/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4378/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4392/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4416/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190092-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c8c2c8c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-92=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-92=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-92=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.5-3.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.5-3.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:11:04", "description": "This update for webkit2gtk3 to version 2.22.4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-68.NASL", "href": "https://www.tenable.com/plugins/nessus/121291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-68.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121291);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4261\", \"CVE-2018-4262\", \"CVE-2018-4263\", \"CVE-2018-4264\", \"CVE-2018-4265\", \"CVE-2018-4266\", \"CVE-2018-4267\", \"CVE-2018-4270\", \"CVE-2018-4272\", \"CVE-2018-4273\", \"CVE-2018-4278\", \"CVE-2018-4284\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68)\");\n script_summary(english:\"Check for the openSUSE-2019-68 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.22.4 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\nCVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314,\nCVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\nCVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\nCVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372,\nCVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\nCVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279,\nbsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update\nupdate project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.22.4-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:14:40", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392, CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-81.NASL", "href": "https://www.tenable.com/plugins/nessus/121339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-81.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121339);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-11713\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4191\", \"CVE-2018-4197\", \"CVE-2018-4207\", \"CVE-2018-4208\", \"CVE-2018-4209\", \"CVE-2018-4210\", \"CVE-2018-4212\", \"CVE-2018-4213\", \"CVE-2018-4299\", \"CVE-2018-4306\", \"CVE-2018-4309\", \"CVE-2018-4312\", \"CVE-2018-4314\", \"CVE-2018-4315\", \"CVE-2018-4316\", \"CVE-2018-4317\", \"CVE-2018-4318\", \"CVE-2018-4319\", \"CVE-2018-4323\", \"CVE-2018-4328\", \"CVE-2018-4345\", \"CVE-2018-4358\", \"CVE-2018-4359\", \"CVE-2018-4361\", \"CVE-2018-4372\", \"CVE-2018-4373\", \"CVE-2018-4375\", \"CVE-2018-4376\", \"CVE-2018-4378\", \"CVE-2018-4382\", \"CVE-2018-4386\", \"CVE-2018-4392\", \"CVE-2018-4416\", \"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-81)\");\n script_summary(english:\"Check for the openSUSE-2019-81 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386,\n CVE-2018-4375, CVE-2018-4376, CVE-2018-4378,\n CVE-2018-4382, CVE-2018-4392, CVE-2018-4416,\n CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312,\n CVE-2018-4314, CVE-2018-4315, CVE-2018-4316,\n CVE-2018-4317, CVE-2018-4318, CVE-2018-4319,\n CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373,\n CVE-2018-4162, CVE-2018-4163, CVE-2018-4165,\n CVE-2018-11713, CVE-2018-4207, CVE-2018-4208,\n CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438,\n CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\n CVE-2018-4464 (bsc#1119558, bsc#1116998, bsc#1110279)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libwebkit2gtk3-lang-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit-jsc-4-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-debugsource-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-devel-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.5-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.22.5-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T17:59:50", "description": "The version of Apple iOS running on the mobile device is prior to 12.0. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-09-21T00:00:00", "type": "nessus", "title": "Apple iOS < 12.0 Multiple Vulnerabilities (EFAIL)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1777", "CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4203", "CVE-2018-4299", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4310", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4313", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4321", "CVE-2018-4322", "CVE-2018-4323", "CVE-2018-4325", "CVE-2018-4326", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4333", "CVE-2018-4335", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4352", "CVE-2018-4354", "CVE-2018-4355", "CVE-2018-4356", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4362", "CVE-2018-4363", "CVE-2018-4383", "CVE-2018-4395", "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4407", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4425", "CVE-2018-4426", "CVE-2018-5383"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_120_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/117632", "sourceData": "Binary data apple_ios_120_check.nbin", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:08", "description": "The version of Apple iOS running on the mobile device is prior to 12.0. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 12.0 Multiple Vulnerabilities (EFAIL, APPLE-SA-2018-9-24-4 and APPLE-SA-2018-10-30-8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-5383", "CVE-2018-4311", "CVE-2018-4326", "CVE-2018-4407", "CVE-2018-4126", "CVE-2018-4203", "CVE-2018-4307", "CVE-2018-4310", "CVE-2018-4354", "CVE-2018-4341", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4401", "CVE-2018-4414", "CVE-2018-4383", "CVE-2018-4425", "CVE-2018-4360", "CVE-2018-4426", "CVE-2018-4336", "CVE-2018-4340", "CVE-2018-4337", "CVE-2018-4332", "CVE-2018-4347", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4331", "CVE-2018-4313", "CVE-2018-4329", "CVE-2018-4335", "CVE-2018-4333", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4355", "CVE-2018-4363", "CVE-2018-4362", "CVE-2018-4399", "CVE-2018-4395", "CVE-2018-4356", "CVE-2018-4352", "CVE-2018-4325", "CVE-2018-4322", "CVE-2018-4321", "CVE-2016-1777"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700552.PRM", "href": "https://www.tenable.com/plugins/nnm/700552", "sourceData": "Binary data 700552.prm", "cvss": {"score": 5.4, "vector": "CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:12:12", "description": "### *Detect date*:\n09/12/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, read local files.\n\n### *Affected products*:\nApple iTunes earlier than 12.9\n\n### *Solution*:\nUpdate to the latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.9 for Windows](<https://support.apple.com/ru-ru/HT209140>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2018-4191](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4191>)6.8High \n[CVE-2018-4311](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4311>)5.8High \n[CVE-2018-4316](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4316>)6.8High \n[CVE-2018-4299](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4299>)6.8High \n[CVE-2018-4323](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4323>)6.8High \n[CVE-2018-4328](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4328>)6.8High \n[CVE-2018-4358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4358>)6.8High \n[CVE-2018-4359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4359>)6.8High \n[CVE-2018-4319](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4319>)5.8High \n[CVE-2018-4309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4309>)4.3Warning \n[CVE-2018-4197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4197>)6.8High \n[CVE-2018-4306](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4306>)6.8High \n[CVE-2018-4312](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4312>)6.8High \n[CVE-2018-4314](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4314>)6.8High \n[CVE-2018-4315](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4315>)6.8High \n[CVE-2018-4317](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4317>)6.8High \n[CVE-2018-4318](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4318>)6.8High \n[CVE-2018-4345](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4345>)4.3Warning \n[CVE-2018-4361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4361>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-12T00:00:00", "type": "kaspersky", "title": "KLA11323 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2020-06-03T00:00:00", "id": "KLA11323", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11323/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2021-11-10T17:00:20", "description": "# About the security content of iCloud for Windows 7.7\n\nThis document describes the security content of iCloud for Windows 7.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.7\n\nReleased October 8, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-08T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.7", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4474"], "modified": "2018-10-08T00:00:00", "id": "APPLE:DAAD09F066E4072297938AF9D44AFD8C", "href": "https://support.apple.com/kb/HT209141", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:19", "description": "# About the security content of Safari 12\n\nThis document describes the security content of Safari 12.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 12\n\nReleased September 17, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\nEntry updated September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: January 23, 2019\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-17T00:00:00", "type": "apple", "title": "About the security content of Safari 12", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4195", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4474"], "modified": "2018-09-17T00:00:00", "id": "APPLE:AB25A7A64582170A3171E4E960BCF621", "href": "https://support.apple.com/kb/HT209109", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-28T19:31:50", "description": "# About the security content of iTunes 12.9 for Windows\n\nThis document describes the security content of iTunes 12.9 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.9 for Windows\n\nReleased September 12, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vulcan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 22, 2020\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-12T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.9 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4474"], "modified": "2018-09-12T00:00:00", "id": "APPLE:B349435C870C5C95E8A00FFC3E3E648E", "href": "https://support.apple.com/kb/HT209140", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:56", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 12\n\nReleased September 17, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\nEntry updated September 24, 2018\n\n**Safari**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4195: xisigr of Tencent's Xuanwu Lab (www.tencent.com)\n\nEntry updated September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-23T08:10:26", "title": "About the security content of Safari 12 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4307", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4360", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4329", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359", "CVE-2018-4195"], "modified": "2019-01-23T08:10:26", "id": "APPLE:HT209109", "href": "https://support.apple.com/kb/HT209109", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:41:26", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.7\n\nReleased October 8, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-23T08:20:11", "title": "About the security content of iCloud for Windows 7.7 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4360", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4412", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359", "CVE-2018-4126"], "modified": "2019-01-23T08:20:11", "id": "APPLE:HT209141", "href": "https://support.apple.com/kb/HT209141", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:10", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.9 for Windows\n\nReleased September 12, 2018\n\n**CFNetwork**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry updated October 24, 2018\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added January 10, 2019\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n\n\n## Additional recognition\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vulcan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-10-22T03:26:11", "title": "About the security content of iTunes 12.9 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4323", "CVE-2018-4319", "CVE-2018-4360", "CVE-2018-4345", "CVE-2018-4299", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4311", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4412", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4309", "CVE-2018-4359", "CVE-2018-4126"], "modified": "2020-10-22T03:26:11", "id": "APPLE:HT209140", "href": "https://support.apple.com/kb/HT209140", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:35", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 5\n\nReleased September 17, 2018\n\n**CFNetwork**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: an anonymous researcher\n\nEntry added October 30, 2018\n\n**dyld**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry added January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated August 1, 2019\n\n**IOKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 24, 2018\n\n**IOUserEthernet**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**Safari**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Symptom Framework**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n\n\n## Additional recognition\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-01T04:36:25", "title": "About the security content of watchOS 5 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4383", "CVE-2018-4425", "CVE-2018-4354", "CVE-2018-4358", "CVE-2018-4399", "CVE-2018-4305", "CVE-2018-4433", "CVE-2018-4319", "CVE-2018-4337", "CVE-2018-4407", "CVE-2018-4336", "CVE-2018-4304", "CVE-2018-4340", "CVE-2018-4299", "CVE-2018-4395", "CVE-2018-4414", "CVE-2018-4311", "CVE-2016-1777", "CVE-2018-4347", "CVE-2018-4401", "CVE-2018-4343", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4363", "CVE-2018-4191", "CVE-2018-4203", "CVE-2018-4426", "CVE-2018-4474", "CVE-2018-4313", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4359", "CVE-2018-4341", "CVE-2018-4344", "CVE-2018-4126"], "modified": "2019-08-01T04:36:25", "id": "APPLE:HT209108", "href": "https://support.apple.com/kb/HT209108", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:20", "description": "# About the security content of watchOS 5\n\nThis document describes the security content of watchOS 5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 5\n\nReleased September 17, 2018\n\n**CFNetwork**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: an anonymous researcher\n\nEntry added October 30, 2018\n\n**dyld**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry added January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated August 1, 2019\n\n**IOKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 24, 2018\n\n**IOUserEthernet**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**Safari**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Security**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Symptom Framework**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n\n\n## Additional recognition\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 01, 2019\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-17T00:00:00", "type": "apple", "title": "About the security content of watchOS 5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1777", "CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4203", "CVE-2018-4299", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4311", "CVE-2018-4313", "CVE-2018-4319", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4347", "CVE-2018-4354", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4363", "CVE-2018-4383", "CVE-2018-4395", "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4407", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4425", "CVE-2018-4426", "CVE-2018-4433", "CVE-2018-4474"], "modified": "2018-09-17T00:00:00", "id": "APPLE:4F18D4C9912459DD113CA737563EA768", "href": "https://support.apple.com/kb/HT209108", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:20", "description": "# About the security content of tvOS 12\n\nThis document describes the security content of tvOS 12.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 12\n\nReleased September 17, 2018\n\n**Auto Unlock**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**dyld**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry added January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated August 1, 2019\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 24, 2018\n\n**IOUserEthernet**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Safari**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Symptom Framework**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added October 24, 2018\n\n\n\n## Additional recognition\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 01, 2019\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-17T00:00:00", "type": "apple", "title": "About the security content of tvOS 12", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1777", "CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4203", "CVE-2018-4299", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4313", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4321", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4354", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4363", "CVE-2018-4383", "CVE-2018-4395", "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4407", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4425", "CVE-2018-4426", "CVE-2018-4433", "CVE-2018-4474", "CVE-2018-5383"], "modified": "2018-09-17T00:00:00", "id": "APPLE:95BC210DA5C57E5032BDB392962096A3", "href": "https://support.apple.com/kb/HT209107", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:38", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 12\n\nReleased September 17, 2018\n\n**Auto Unlock**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 18, 2018\n\n**dyld**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry added January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated August 1, 2019\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 24, 2018\n\n**IOUserEthernet**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Safari**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Symptom Framework**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 18, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added October 24, 2018\n\n\n\n## Additional recognition\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-01T04:44:27", "title": "About the security content of tvOS 12 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4383", "CVE-2018-4321", "CVE-2018-4425", "CVE-2018-4354", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4399", "CVE-2018-4305", "CVE-2018-4323", "CVE-2018-4433", "CVE-2018-4337", "CVE-2018-4407", "CVE-2018-4360", "CVE-2018-4336", "CVE-2018-4345", "CVE-2018-4304", "CVE-2018-4340", "CVE-2018-4299", "CVE-2018-4395", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2016-1777", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4401", "CVE-2018-4343", "CVE-2018-4314", "CVE-2018-4316", "CVE-2018-4306", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4363", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4203", "CVE-2018-4426", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4313", "CVE-2018-4309", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-5383", "CVE-2018-4359", "CVE-2018-4341", "CVE-2018-4344", "CVE-2018-4126"], "modified": "2019-08-01T04:44:27", "id": "APPLE:HT209107", "href": "https://support.apple.com/kb/HT209107", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:27", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 12\n\nReleased September 17, 2018\n\n**Accounts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local app may be able to read a persistent account identifier\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreMedia**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An app may be able to learn information about the current camera view before being granted camera access\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2018-4356: an anonymous researcher\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 13, 2018\n\n**Crash Reporter**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4333: Brandon Azad\n\nEntry added September 24, 2018\n\n**dyld**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry updated January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**iBooks**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4355: evi1m0 of bilibili security team\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated September 17, 2019\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 30, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4335: Brandon Azad\n\n**IOUserEthernet**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**mDNSOffloadUserClient**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team\n\nEntry added October 30, 2018\n\n**MediaRemote**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs\n\nEntry added October 30, 2018\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted notes\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions.\n\nCVE-2018-4352: Utku Altinkaynak\n\nEntry updated October 30, 2018\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Status Bar**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2018-4325: Brian Adeloye\n\n**Symptom Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 13, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n\n\n## Additional recognition\n\n**APFS**\n\nWe would like to acknowledge Umang Raghuvanshi for their assistance.\n\nEntry added December 13, 2018\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**configd**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**CoreSymbolication**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Exchange ActiveSync**\n\nWe would like to acknowledge an anonymous researcher, Jesse Thompson of University of Wisconsin-Madison for their assistance.\n\nEntry updated January 22, 2019\n\n**Feedback Assistant**\n\nWe would like to acknowledge Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Mail**\n\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek \u017b\u00f3\u0142kiewski for their assistance.\n\n**MediaRemote**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Quick Look**\n\nWe would like to acknowledge lokihardt of Google Project Zero for their assistance.\n\nEntry added December 13, 2018\n\n**Safari**\n\nWe would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**Security**\n\nWe would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip Klubi\u010dka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Horatiu Graur of SoftVision, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, an anonymous researcher for their assistance.\n\nEntry updated June 24, 2019\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Status Bar**\n\nWe would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-17T10:55:07", "title": "About the security content of iOS 12 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4361", "CVE-2018-4383", "CVE-2018-4321", "CVE-2018-4425", "CVE-2018-4354", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4307", "CVE-2018-4399", "CVE-2018-4305", "CVE-2018-4323", "CVE-2018-4433", "CVE-2018-4319", "CVE-2018-4337", "CVE-2018-4407", "CVE-2018-4362", "CVE-2018-4360", "CVE-2018-4336", "CVE-2018-4345", "CVE-2018-4304", "CVE-2018-4340", "CVE-2018-4333", "CVE-2018-4299", "CVE-2018-4322", "CVE-2018-4329", "CVE-2018-4395", "CVE-2018-4356", "CVE-2018-4325", "CVE-2018-4414", "CVE-2018-4197", "CVE-2018-4315", "CVE-2018-4355", "CVE-2018-4311", "CVE-2016-1777", "CVE-2018-4310", "CVE-2018-4318", "CVE-2018-4347", "CVE-2018-4401", "CVE-2018-4343", "CVE-2018-4314", "CVE-2018-4352", "CVE-2018-4316", "CVE-2018-4335", "CVE-2018-4306", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4363", "CVE-2018-4191", "CVE-2018-4312", "CVE-2018-4203", "CVE-2018-4326", "CVE-2018-4426", "CVE-2018-4474", "CVE-2018-4317", "CVE-2018-4313", "CVE-2018-4309", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-5383", "CVE-2018-4359", "CVE-2018-4341", "CVE-2018-4344", "CVE-2018-4126"], "modified": "2019-09-17T10:55:07", "id": "APPLE:HT209106", "href": "https://support.apple.com/kb/HT209106", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:23", "description": "# About the security content of iOS 12\n\nThis document describes the security content of iOS 12.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 12\n\nReleased September 17, 2018\n\n**Accounts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local app may be able to read a persistent account identifier\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\n**Auto Unlock**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access local users AppleIDs\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.\n\nEntry added September 24, 2018\n\n**Bluetooth**\n\nAvailable for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.\n\nCVE-2018-5383: Lior Neumann and Eli Biham\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4412: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreFoundation**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4414: The UK's National Cyber Security Centre (NCSC)\n\nEntry added October 30, 2018\n\n**CoreMedia**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An app may be able to learn information about the current camera view before being granted camera access\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2018-4356: an anonymous researcher\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4347: Vasyl Tkachuk of Readdle\n\nEntry added October 30, 2018, updated December 13, 2018\n\n**Crash Reporter**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4333: Brandon Azad\n\nEntry added September 24, 2018\n\n**dyld**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4433: Vitaly Cheptsov\n\nEntry updated January 22, 2019\n\n**Grand Central Dispatch**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4426: Brandon Azad\n\nEntry added October 30, 2018\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4331: Brandon Azad\n\nCVE-2018-4332: Brandon Azad\n\nCVE-2018-4343: Brandon Azad\n\nEntry added October 30, 2018\n\n**iBooks**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2018-4355: evi1m0 of bilibili security team\n\nEntry added October 30, 2018\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-4408: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018, updated September 17, 2019\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4341: Ian Beer of Google Project Zero\n\nCVE-2018-4354: Ian Beer of Google Project Zero\n\nEntry added October 30, 2018\n\n**IOKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4383: Apple\n\nEntry added October 30, 2018\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2018-4335: Brandon Azad\n\n**IOUserEthernet**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4401: Apple\n\nEntry added October 30, 2018\n\n**iTunes Store**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2018-4305: Jerry Decime\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An input validation issue existed in the kernel. This issue was addressed with improved input validation.\n\nCVE-2018-4363: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4336: Brandon Azad\n\nCVE-2018-4337: Ian Beer of Google Project Zero\n\nCVE-2018-4340: Mohamed Ghannam (@_simo36)\n\nCVE-2018-4344: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2018-4425: cc working with Trend Micro's Zero Day Initiative, Juwei Lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.\n\nCVE-2018-4399: Fabiano Anemone (@anoane)\n\nEntry added October 30, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4407: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 30, 2018\n\n**mDNSOffloadUserClient**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2018-4326: an anonymous researcher working with Trend Micro's Zero Day Initiative, Zhuo Liang of Qihoo 360 Nirvan Team\n\nEntry added October 30, 2018\n\n**MediaRemote**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2018-4310: CodeColorist of Ant-Financial LightYear Labs\n\nEntry added October 30, 2018\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover a user\u2019s deleted notes\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions.\n\nCVE-2018-4352: Utku Altinkaynak\n\nEntry updated October 30, 2018\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to discover websites a user has visited\n\nDescription: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.\n\nCVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah M\u00fcr\u015fide \u00d6z\u00fcnenek Anadolu Lisesi - Ankara/T\u00fcrkiye, Mehmet Ferit Da\u015ftan of Van Y\u00fcz\u00fcnc\u00fc Y\u0131l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A user may be unable to delete browsing history items\n\nDescription: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.\n\nCVE-2018-4329: Hugo S. Diaz (coldpointblue)\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority\n\n**SafariViewController**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4362: Jun Kokatsu (@shhnjk)\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2018-4395: Patrick Wardle of Digita Security\n\nEntry added October 30, 2018\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: This issue was addressed by removing RC4.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**Status Bar**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2018-4325: Brian Adeloye\n\n**Symptom Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2018-4203: Bruno Keith (@bkth_) working with Trend Micro's Zero Day Initiative\n\nEntry added October 30, 2018\n\n**Text**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved validation.\n\nCVE-2018-4304: jianan.huang (@Sevck)\n\nEntry added October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to execute scripts in the context of another website\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4309: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2018-4361: found by OSS-Fuzz\n\nCVE-2018-4474: found by OSS-Fuzz\n\nEntry added September 24, 2018, updated January 22, 2019\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cross-origin SecurityErrors includes the accessed frame\u2019s origin\n\nDescription: The issue was addressed by removing origin information.\n\nCVE-2018-4311: Erling Alf Ellingsen (@steike)\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2018-4299: Samuel Gro\u03b2 (saelo) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4323: Ivan Fratric of Google Project Zero\n\nCVE-2018-4328: Ivan Fratric of Google Project Zero\n\nCVE-2018-4358: @phoenhex team (@bkth_ @5aelo @_niklasb) working with Trend Micro's Zero Day Initiative\n\nCVE-2018-4359: Samuel Gro\u00df (@5aelo)\n\nCVE-2018-4360: William Bowling (@wcbowling)\n\nEntry added September 24, 2018, updated October 30, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may cause unexepected cross-origin behavior\n\nDescription: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.\n\nCVE-2018-4319: John Pettitt of Google\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2018-4316: crixer, Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unexpected interaction causes an ASSERT failure\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2018-4191: found by OSS-Fuzz\n\nEntry added September 24, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may exfiltrate image data cross-origin\n\nDescription: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.\n\nCVE-2018-4345: Jun Kokatsu (@shhnjk)\n\nEntry added September 24, 2018, updated December 13, 2018\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2018-4315: Ivan Fratric of Google Project Zero\n\nCVE-2018-4197: Ivan Fratric of Google Project Zero\n\nCVE-2018-4312: Ivan Fratric of Google Project Zero\n\nCVE-2018-4306: Ivan Fratric of Google Project Zero\n\nCVE-2018-4318: Ivan Fratric of Google Project Zero\n\nCVE-2018-4317: Ivan Fratric of Google Project Zero\n\nCVE-2018-4314: Ivan Fratric of Google Project Zero\n\nEntry added September 24, 2018\n\n\n\n## Additional recognition\n\n**APFS**\n\nWe would like to acknowledge Umang Raghuvanshi for their assistance.\n\nEntry added December 13, 2018\n\n**Assets**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**configd**\n\nWe would like to acknowledge Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH for their assistance.\n\n**Core Data**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**CoreSymbolication**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Exchange ActiveSync**\n\nWe would like to acknowledge an anonymous researcher, Jesse Thompson of University of Wisconsin-Madison for their assistance.\n\nEntry updated January 22, 2019\n\n**Feedback Assistant**\n\nWe would like to acknowledge Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro\u2019s Zero Day Initiative for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\nEntry added December 13, 2018\n\n**Mail**\n\nWe would like to acknowledge Alessandro Avagliano of Rocket Internet SE, Gunnar Diepenbruck, and Zbyszek \u017b\u00f3\u0142kiewski for their assistance.\n\n**MediaRemote**\n\nWe would like to acknowledge Brandon Azad for their assistance.\n\n**Quick Look**\n\nWe would like to acknowledge lokihardt of Google Project Zero for their assistance.\n\nEntry added December 13, 2018\n\n**Safari**\n\nWe would like to acknowledge Marcel Manz of SIMM-Comm GmbH and Vlad Galbin for their assistance.\n\n**Sandbox Profiles**\n\nWe would like to acknowledge Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative for their assistance.\n\n**Security**\n\nWe would like to acknowledge Christoph Sinai, Daniel Dudek (@dannysapples) of The Irish Times and Filip Klubi\u010dka (@lemoncloak) of ADAPT Centre, Dublin Institute of Technology, Horatiu Graur of SoftVision, Istvan Csanady of Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson Ding, an anonymous researcher for their assistance.\n\nEntry updated June 24, 2019\n\n**SQLite**\n\nWe would like to acknowledge Andreas Kurtz (@aykay) of NESO Security Labs GmbH for their assistance.\n\n**Status Bar**\n\nWe would like to acknowledge Ju Zhu of Meituan and Moony Li and Lilang Wu of Trend Micro for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Cary Hartline, Hanming Zhang from 360 Vuclan team, Tencent Keen Security Lab working with Trend Micro's Zero Day Initiative, and Zach Malone of CA Technologies for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: September 17, 2019\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-09-17T00:00:00", "type": "apple", "title": "About the security content of iOS 12", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1777", "CVE-2018-4126", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4203", "CVE-2018-4299", "CVE-2018-4304", "CVE-2018-4305", "CVE-2018-4306", "CVE-2018-4307", "CVE-2018-4309", "CVE-2018-4310", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4313", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4321", "CVE-2018-4322", "CVE-2018-4323", "CVE-2018-4325", "CVE-2018-4326", "CVE-2018-4328", "CVE-2018-4329", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4333", "CVE-2018-4335", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344", "CVE-2018-4345", "CVE-2018-4347", "CVE-2018-4352", "CVE-2018-4354", "CVE-2018-4355", "CVE-2018-4356", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4360", "CVE-2018-4361", "CVE-2018-4362", "CVE-2018-4363", "CVE-2018-4383", "CVE-2018-4395", "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4407", "CVE-2018-4408", "CVE-2018-4412", "CVE-2018-4414", "CVE-2018-4425", "CVE-2018-4426", "CVE-2018-4433", "CVE-2018-4474", "CVE-2018-5383"], "modified": "2018-09-17T00:00:00", "id": "APPLE:E6562A443B7DE882FE6DB7BD64EBE1E5", "href": "https://support.apple.com/kb/HT209106", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T11:52:31", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-03T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4209", "CVE-2018-4318", "CVE-2018-4323", "CVE-2018-4309", "CVE-2018-4317", "CVE-2018-4208", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4210", "CVE-2018-4197", "CVE-2018-4316", "CVE-2018-4212", "CVE-2018-4358", "CVE-2018-4315", "CVE-2018-4319", "CVE-2018-4361", "CVE-2018-4314", "CVE-2018-4191", "CVE-2018-4207", "CVE-2018-4311", "CVE-2018-4359", "CVE-2018-4312", "CVE-2018-4328"], "modified": "2018-10-03T00:00:00", "id": "USN-3781-1", "href": "https://ubuntu.com/security/notices/USN-3781-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:03:58", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebkitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.22.0\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-02T00:00:00", "type": "gentoo", "title": "WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4311", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361"], "modified": "2018-12-02T00:00:00", "id": "GLSA-201812-04", "href": "https://security.gentoo.org/glsa/201812-04", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kitploit": [{"lastseen": "2022-04-07T12:02:26", "description": "[](<https://1.bp.blogspot.com/-baywoaHmuas/X7dY6GbwC1I/AAAAAAAAUbo/jDpqwD_-UOkhzq98AhL8_vvWCKH3TlBvwCNcBGAsYHQ/s781/Fuzzilli.png>)\n\n \n\n\nA (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language (\"FuzzIL\") which can be mutated and translated to JavaScript.\n\n \n\n\n**Usage** \n\n\nThe basic steps to use this fuzzer are:\n\n 1. Download the source code for one of the supported JavaScript engines. See the [Targets/](<https://github.com/googleprojectzero/fuzzilli/blob/master/Targets> \"Targets/\" ) directory for the list of supported JavaScript engines.\n 2. Apply the corresponding patches from the target's directory. Also see the README.md in that directory.\n 3. Compile the engine with coverage [instrumentation](<https://www.kitploit.com/search/label/Instrumentation> \"instrumentation\" ) (requires clang >= 4.0) as described in the README.\n 4. Compile the fuzzer: `swift build [-c release]`.\n 5. Run the fuzzer: `swift run [-c release] FuzzilliCli --profile=<profile> [other cli options] /path/to/jsshell`. See also `swift run FuzzilliCli --help`.\n\nBuilding and running Fuzzilli and the supported JavaScript engines inside Docker and on Google Compute Engine is [also supported](<https://github.com/googleprojectzero/fuzzilli/blob/master/Cloud> \"also supported\" ).\n\n \n**Hacking** \n\n\nCheck out [main.swift](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/FuzzilliCli/main.swift> \"main.swift\" ) to see a usage example of the Fuzzilli library and play with the various configuration options. Next, take a look at [Fuzzer.swift](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Fuzzer.swift> \"Fuzzer.swift\" ) for the highlevel fuzzing logic. From there dive into any part that seems interesting.\n\nPatches, additions, other contributions etc. to this project are very welcome! However, do quickly check [the notes for contributors](<https://github.com/googleprojectzero/fuzzilli/blob/master/CONTRIBUTING.md> \"the notes for contributors\" ). Fuzzilli roughly follows [Google's code style guide for swift](<https://google.github.io/swift/> \"Google's code style guide for swift\" ).\n\nIt would be much appreciated if you could send a short note (possibly including a CVE number) to [email protected] or open a pull request for any [vulnerability](<https://www.kitploit.com/search/label/Vulnerability> \"vulnerability\" ) found with the help of this project so it can be included in the [bug showcase](<https://github.com/googleprojectzero/fuzzilli#bug-showcase> \"bug showcase\" ) section. Other than that you can of course claim any bug bounty, CVE credits, etc. for the [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities> \"vulnerabilities\" ) :)\n\n \n**Concept** \n\n\nWhen fuzzing for core interpreter bugs, e.g. in JIT compilers, semantic correctness of generated programs becomes a concern. This is in contrast to most other scenarios, e.g. fuzzing of runtime APIs, in which case semantic correctness can easily be worked around by wrapping the generated code in try-catch constructs. There are different possibilities to achieve an acceptable rate of semantically correct samples, one of them being a mutational approach in which all samples in the corpus are also semantically valid. In that case, each mutation only has a small chance of turning a valid sample into an invalid one.\n\nTo implement a mutation-based JavaScript fuzzer, mutations to JavaScript code have to be defined. Instead of mutating the AST, or other syntactic elements of a program, a custom intermediate language (IL) is defined on which mutations to the control and data flow of a program can more directly be performed. This IL is afterwards translated to JavaScript for execution. The intermediate language looks roughly as follows:\n \n \n v0 <\u2212 LoadInteger '0' \n v1 <\u2212 LoadInteger '10' \n v2 <\u2212 LoadInteger '1' \n v3 <\u2212 LoadInteger '0' \n BeginFor v0, '<', v1, '+', v2 \u2212> v4 \n v6 <\u2212 BinaryOperation v3, '+', v4 \n Reassign v3, v6 \n EndFor \n v7 <\u2212 LoadString 'Result: ' \n v8 <\u2212 BinaryOperation v7, '+', v3 \n v9 <\u2212 LoadGlobal 'console' \n v10 <\u2212 CallMethod v9, 'log', [v8] \n \n\nWhich can e.g. be trivially translated to the following JavaScript code:\n \n \n const v0 = 0; \n const v1 = 10; \n const v2 = 1; \n let v3 = 0; \n for (let v4 = v0; v4 < v1; v4 = v4 + v2) { \n const v6 = v3 + v4; \n v3 = v6; \n } \n const v7 = \"Result: \"; \n const v8 = v7 + v3; \n const v9 = console; \n const v10 = v9.log(v8); \n \n\nOr to the following JavaScript code by inlining intermediate expressions:\n \n \n let v3 = 0; \n for (let v4 = 0; v4 < 10; v4++) { \n v3 = v3 + v4; \n } \n console.log(\"Result: \" + v3); \n \n\nFuzzIL has a number of properties:\n\n * A FuzzIL program is simply a list of instructions.\n * A FuzzIL instruction is an operation together with input and output variables and potentially one or more parameters (enclosed in single quotes in the notation above).\n * Inputs to instructions are always variables, there are no immediate values.\n * Every output of an instruction is a new variable, and existing variables can only be reassigned through dedicated operations such as the `Reassign` instruction.\n * Every variable is defined before it is used.\n\nA number of mutations can then be performed on these programs:\n\n * [InputMutator](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Mutators/InputMutator.swift> \"InputMutator\" ): replaces input variables of instructions with different ones to mutate the dataflow of the program.\n * [CodeGenMutator](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Mutators/CodeGenMutator.swift> \"CodeGenMutator\" ): generates code and inserts it somewhere in the mutated program. Code is generated either by running a [code generator](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Core/CodeGenerators.swift> \"code generator\" ) or by copying some instructions from another program in the corpus (splicing).\n * [CombineMutator](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Mutators/CombineMutator.swift> \"CombineMutator\" ): inserts a program from the corpus into a random position in the mutated program.\n * [OperationMutator](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Mutators/OperationMutator.swift> \"OperationMutator\" ): mutates the parameters of operations, for example replacing an integer constant with a different one.\n * and more...\n \n**Implementation** \n\n\nThe fuzzer is implemented in [Swift](<https://swift.org/> \"Swift\" ), with some parts (e.g. coverage measurements, socket interactions, etc.) implemented in C.\n\n \n**Architecture** \n\n\nA fuzzer instance (implemented in [Fuzzer.swift](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Fuzzer.swift> \"Fuzzer.swift\" )) is made up of the following central components:\n\n * [MutationFuzzer](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Core/MutationFuzzer.swift> \"MutationFuzzer\" ): produces new programs from existing ones by applying [mutations](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Mutators> \"mutations\" ). Afterwards executes the produced samples and evaluates them.\n * [ScriptRunner](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Execution> \"ScriptRunner\" ): executes programs of the target language.\n * [Corpus](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Core/Corpus.swift> \"Corpus\" ): stores interesting samples and supplies them to the core fuzzer.\n * [Environment](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Core/JavaScriptEnvironment.swift> \"Environment\" ): has knowledge of the runtime environment, e.g. the available builtins, property names, and methods.\n * [Minimizer](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Minimization/Minimizer.swift> \"Minimizer\" ): minimizes crashing and interesting programs.\n * [Evaluator](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Evaluation> \"Evaluator\" ): evaluates whether a sample is interesting according to some metric, e.g. code coverage.\n * [Lifter](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Lifting> \"Lifter\" ): translates a FuzzIL program to the target language (JavaScript).\n\nFurthermore, a number of modules are optionally available:\n\n * [Statistics](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Modules/Statistics.swift> \"Statistics\" ): gathers various pieces of statistical information.\n * [NetworkWorker/NetworkMaster](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Modules/NetworkSync.swift> \"NetworkWorker/NetworkMaster\" ): synchronize multiple instances over the network.\n * [ThreadWorker/ThreadMaster](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Modules/ThreadSync.swift> \"ThreadWorker/ThreadMaster\" ): synchronize multiple instances within the same process.\n * [Storage](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Modules/Storage.swift> \"Storage\" ): stores crashing programs to disk.\n\nThe fuzzer is event-driven, with most of the interactions between different classes happening through events. Events are dispatched e.g. as a result of a crash or an interesting program being found, a new program being executed, a log message being generated and so on. See [Events.swift](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Core/Events.swift> \"Events.swift\" ) for the full list of events. The event mechanism effectively decouples the various components of the fuzzer and makes it easy to implement additional modules.\n\nA FuzzIL program can be built up using a [ProgramBuilder](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Core/ProgramBuilder.swift> \"ProgramBuilder\" ) instance. A ProgramBuilder provides methods to create and append new instructions, append instructions from another program, retrieve existing variables, query the execution context at the current position (e.g. whether it is inside a loop), and more.\n\n \n**Execution** \n\n\nFuzzilli uses a custom execution mode called [REPRL (read-eval-print-reset-loop)](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Execution/REPRL.swift> \"REPRL \\(read-eval-print-reset-loop\\)\" ). For that, the target engine is modified to accept a script input over pipes and/or shared memory, execute it, then reset its internal state and wait for the next script. This removes the overhead from process creation and to a large part from the engine ininitializaiton.\n\n \n**Scalability** \n\n\nThere is one [Fuzzer](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Fuzzer.swift> \"Fuzzer\" ) instance per target process. This enables synchronous execution of programs and thereby simplifies the implementation of various algorithms such as consecutive mutations and minimization. Moreover, it avoids the need to implement thread-safe access to internal state, e.g. the corpus. Each fuzzer instance has its own [DispatchQueue](<https://developer.apple.com/documentation/dispatch/dispatchqueue> \"DispatchQueue\" ), conceptually corresponding to a single thread. As a rule of thumb, every interaction with a Fuzzer instance must happen on that instance\u2019s dispatch queue. This guarantees thread-safety as the queue is serial. For more details see [the docs](<https://github.com/googleprojectzero/fuzzilli/blob/master/Docs/ProcessingModel.md>).\n\nTo scale, fuzzer instances can become workers, in which case they report newly found interesting samples and [crashes](<https://www.kitploit.com/search/label/Crashes> \"crashes\" ) to a master instance. In turn, the master instances also synchronize their corpus with the workers. Communication between masters and workers can happen in different ways, each implemented as a module:\n\n * [Inter-thread communication](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Modules/ThreadSync.swift> \"Inter-thread communication\" ): synchronize instances in the same process by enqueuing tasks to the other fuzzer\u2019s DispatchQueue.\n * Inter-process communication (TODO): synchronize instances over an IPC channel.\n * [Inter-machine communication](<https://github.com/googleprojectzero/fuzzilli/blob/master/Sources/Fuzzilli/Modules/NetworkSync.swift> \"Inter-machine communication\" ): synchronize instances over a simple TCP-based protocol.\n\nThis design allows the fuzzer to scale to many cores on a single machine as well as to many different machines. As one master instance can quickly become overloaded if too many workers send programs to it, it is also possible to configure multiple tiers of master instances, e.g. one master instance, 16 intermediate masters connected to the master, and 256 workers connected to the intermediate masters.\n\n \n**Resources** \n\n\nFurther resources about this fuzzer:\n\n * A [presentation](<https://saelo.github.io/presentations/offensivecon_19_fuzzilli.pdf> \"presentation\" ) about Fuzzilli given at Offensive Con 2019.\n * The [master's thesis](<https://saelo.github.io/papers/thesis.pdf> \"master's thesis\" ) for which the initial implementation was done.\n * A [blogpost](<https://sensepost.com/blog/2020/the-hunt-for-chromium-issue-1072171/> \"blogpost\" ) by Sensepost about using Fuzzilli to find a bug in v8\n * A [blogpost](<https://blog.doyensec.com/2020/09/09/fuzzilli-jerryscript.html> \"blogpost\" ) by Doyensec about fuzzing the JerryScript engine with Fuzzilli\n \n**Bug Showcase** \n\n\nThe following is a list of some of the bugs found with the help of Fuzzilli. Only bugs with security impact are included in the list. Special thanks to all users of Fuzzilli who have reported bugs found by it!\n\n \n**WebKit/JavaScriptCore** \n\n\n * [Issue 185328](<https://bugs.webkit.org/show_bug.cgi?id=185328> \"Issue 185328\" ): DFG [Compiler](<https://www.kitploit.com/search/label/Compiler> \"Compiler\" ) uses incorrect output register for NumberIsInteger operation\n * [CVE-2018-4299](<https://www.zerodayinitiative.com/advisories/ZDI-18-1081/> \"CVE-2018-4299\" ): performProxyCall leaks internal object to script\n * [CVE-2018-4359](<https://bugs.webkit.org/show_bug.cgi?id=187451> \"CVE-2018-4359\" ): compileMathIC produces incorrect machine code\n * [CVE-2019-8518](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1775> \"CVE-2019-8518\" ): OOB access in FTL JIT due to LICM moving array access before the bounds check\n * [CVE-2019-8558](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1783> \"CVE-2019-8558\" ): CodeBlock UaF due to dangling Watchpoints\n * [CVE-2019-8611](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1788> \"CVE-2019-8611\" ): AIR optimization incorrectly removes assignment to register\n * [CVE-2019-8623](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1789> \"CVE-2019-8623\" ): Loop-invariant code motion (LICM) in DFG JIT leaves stack variable uninitialized\n * [CVE-2019-8622](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1802> \"CVE-2019-8622\" ): DFG's doesGC() is incorrect about the HasIndexedProperty operation's behaviour on StringObjects\n * [CVE-2019-8671](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1822> \"CVE-2019-8671\" ): DFG: Loop-invariant code motion (LICM) leaves object property access unguarded\n * [CVE-2019-8672](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1825> \"CVE-2019-8672\" ): JSValue use-after-free in ValueProfiles\n * [CVE-2019-8678](<https://bugs.webkit.org/show_bug.cgi?id=198259> \"CVE-2019-8678\" ): JSC fails to run haveABadTime() when some prototypes are modified, leading to type confusions\n * [CVE-2019-8685](<https://bugs.webkit.org/show_bug.cgi?id=197691> \"CVE-2019-8685\" ): JSPropertyNameEnumerator uses wrong structure IDs\n * [CVE-2019-8765](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1915> \"CVE-2019-8765\" ): GetterSetter type confusion during DFG compilation\n * [CVE-2019-8820](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1924> \"CVE-2019-8820\" ): Type confusion during bailout when reconstructing arguments objects\n * [CVE-2020-3901](<https://bugs.webkit.org/show_bug.cgi?id=206805> \"CVE-2020-3901\" ): GetterSetter type confusion in FTL JIT code (due to not always safe LICM)\n \n**Gecko/Spidermonkey** \n\n\n * [CVE-2018-12386](<https://ssd-disclosure.com/archives/3765/ssd-advisory-firefox-javascript-type-confusion-rce> \"CVE-2018-12386\" ): IonMonkey register allocation bug leads to type confusions\n * [CVE-2019-9791](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1791> \"CVE-2019-9791\" ): IonMonkey's type inference is incorrect for constructors entered via OSR\n * [CVE-2019-9792](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1794> \"CVE-2019-9792\" ): IonMonkey leaks JS_OPTIMIZED_OUT magic value to script\n * [CVE-2019-9816](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1808> \"CVE-2019-9816\" ): unexpected ObjectGroup in ObjectGroupDispatch operation\n * [CVE-2019-9813](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1810> \"CVE-2019-9813\" ): IonMonkey compiled code fails to update inferred property types, leading to type confusions\n * [CVE-2019-11707](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1820> \"CVE-2019-11707\" ): IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusions\n * [CVE-2020-15656](<https://bugzilla.mozilla.org/show_bug.cgi?id=1647293> \"CVE-2020-15656\" ): Type confusion for special arguments in IonMonkey\n \n**Chromium/v8** \n\n\n * [Issue 939316](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1799> \"Issue 939316\" ): Turbofan may read a Map pointer out-of-bounds when optimizing Reflect.construct\n * [Issue 944062](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1809> \"Issue 944062\" ): JSCallReducer::ReduceArrayIndexOfIncludes fails to insert Map checks\n * [CVE-2019-5831](<https://bugs.chromium.org/p/chromium/issues/detail?id=950328> \"CVE-2019-5831\" ): Incorrect map processing in V8\n * [Issue 944865](<https://bugs.chromium.org/p/chromium/issues/detail?id=944865> \"Issue 944865\" ): Invalid value representation in V8\n * [CVE-2019-5841](<https://bugs.chromium.org/p/chromium/issues/detail?id=969588> \"CVE-2019-5841\" ): Bug in inlining heuristic\n * [CVE-2019-5847](<https://bugs.chromium.org/p/chromium/issues/detail?id=972921> \"CVE-2019-5847\" ): V8 sealed/frozen elements cause crash\n * [CVE-2019-5853](<https://bugs.chromium.org/p/chromium/issues/detail?id=976627> \"CVE-2019-5853\" ): Memory corruption in regexp length check\n * [Issue 992914](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1923> \"Issue 992914\" ): Map migration doesn't respect element kinds, leading to type confusion\n * [CVE-2020-6512](<https://bugs.chromium.org/p/chromium/issues/detail?id=1084820> \"CVE-2020-6512\" ): Type Confusion in V8\n \n**[Duktape](<https://github.com/svaarala/duktape> \"Duktape\" )** \n\n\n * [Issue 2323](<https://github.com/svaarala/duktape/pull/2323> \"Issue 2323\" ): Unstable valstack pointer in putprop\n * [Issue 2320](<https://github.com/svaarala/duktape/pull/2320> \"Issue 2320\" ): Memcmp pointer overflow in string builtin\n \n**[JerryScript](<https://github.com/jerryscript-project/jerryscript> \"JerryScript\" )** \n\n\n * [CVE-2020-13991](<https://github.com/jerryscript-project/jerryscript/issues/3858> \"CVE-2020-13991\" ): Incorrect release of spread arguments\n * [Issue 3784](<https://github.com/jerryscript-project/jerryscript/issues/3784> \"Issue 3784\" ): Memory corruption due to incorrect property enumeration\n * [CVE-2020-13623](<https://github.com/jerryscript-project/jerryscript/issues/3785> \"CVE-2020-13623\" ): Stack overflow via property keys for Proxy objects\n * [CVE-2020-13649 (1)](<https://github.com/jerryscript-project/jerryscript/issues/3786> \"CVE-2020-13649 \\(1\\)\" ): Memory corruption due to error handling in case of OOM\n * [CVE-2020-13649 (2)](<https://github.com/jerryscript-project/jerryscript/issues/3788> \"CVE-2020-13649 \\(2\\)\" ): Memory corruption due to error handling in case of OOM\n * [CVE-2020-13622](<https://github.com/jerryscript-project/jerryscript/issues/3787> \"CVE-2020-13622\" ): Memory corruption due to incorrect handling of property keys for Proxy objects\n * [CVE-2020-14163](<https://github.com/jerryscript-project/jerryscript/issues/3804> \"CVE-2020-14163\" ): Memory corruption due to race condition triggered by garbage collection when adding key/value pairs\n * [Issue 3813](<https://github.com/jerryscript-project/jerryscript/issues/3813> \"Issue 3813\" ): Incorrect error handling in SerializeJSONProperty function\n * [Issue 3814](<https://github.com/jerryscript-project/jerryscript/issues/3814> \"Issue 3814\" ): Unexpected Proxy object in ecma_op_function_has_instance assertion\n * [Issue 3836](<https://github.com/jerryscript-project/jerryscript/issues/3836> \"Issue 3836\" ): Memory corruption due to incorrect TypedArray initialization\n * [Issue 3837](<https://github.com/jerryscript-project/jerryscript/issues/3837> \"Issue 3837\" ): Memory corruption due to incorrect memory handling in getOwnPropertyDescriptor\n \n**Disclaimer** \n\n\nThis is not an officially supported Google product.\n\n \n \n\n\n**[Download Fuzzilli](<https://github.com/googleprojectzero/fuzzilli> \"Download Fuzzilli\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-21T20:30:00", "type": "kitploit", "title": "Fuzzilli - A JavaScript Engine Fuzzer", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12386", "CVE-2018-4299", "CVE-2018-4359", "CVE-2019-11707", "CVE-2019-5831", "CVE-2019-5841", "CVE-2019-5847", "CVE-2019-5853", "CVE-2019-8518", "CVE-2019-8558", "CVE-2019-8611", "CVE-2019-8622", "CVE-2019-8623", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8678", "CVE-2019-8685", "CVE-2019-8765", "CVE-2019-8820", "CVE-2019-9791", "CVE-2019-9792", "CVE-2019-9813", "CVE-2019-9816", "CVE-2020-13622", "CVE-2020-13623", "CVE-2020-13649", "CVE-2020-13991", "CVE-2020-14163", "CVE-2020-15656", "CVE-2020-3901", "CVE-2020-6512"], "modified": "2020-11-21T20:30:00", "id": "KITPLOIT:8766743662298222785", "href": "http://www.kitploit.com/2020/11/fuzzilli-javascript-engine-fuzzer.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-07-05T06:01:12", "description": "An update that fixes 45 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 to version 2.22.4 fixes the following issues:\n\n Security issues fixed:\n\n CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306,\n CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315,\n CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323,\n CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345,\n CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416,\n CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-68=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-21T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4261", "CVE-2018-4262", "CVE-2018-4263", "CVE-2018-4264", "CVE-2018-4265", "CVE-2018-4266", "CVE-2018-4267", "CVE-2018-4270", "CVE-2018-4272", "CVE-2018-4273", "CVE-2018-4278", "CVE-2018-4284", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416"], "modified": "2019-01-21T00:00:00", "id": "OPENSUSE-SU-2019:0068-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JXDJONTCZJ2FBL6O2T4TLFIJKIZM7U5J/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:42:16", "description": "An update that fixes 43 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-4372, CVE-2018-4345, CVE-2018-4386, CVE-2018-4375,\n CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4392,\n CVE-2018-4416, CVE-2018-4191, CVE-2018-4197, CVE-2018-4299,\n CVE-2018-4306, CVE-2018-4309, CVE-2018-4312, CVE-2018-4314,\n CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318,\n CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358,\n CVE-2018-4359, CVE-2018-4361, CVE-2018-4373, CVE-2018-4162,\n CVE-2018-4163, CVE-2018-4165, CVE-2018-11713, CVE-2018-4207,\n CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212,\n CVE-2018-4213, CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443, CVE-2018-4464 (bsc#1119558, bsc#1116998,\n bsc#1110279)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-81=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-23T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11713", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4191", "CVE-2018-4197", "CVE-2018-4207", "CVE-2018-4208", "CVE-2018-4209", "CVE-2018-4210", "CVE-2018-4212", "CVE-2018-4213", "CVE-2018-4299", "CVE-2018-4306", "CVE-2018-4309", "CVE-2018-4312", "CVE-2018-4314", "CVE-2018-4315", "CVE-2018-4316", "CVE-2018-4317", "CVE-2018-4318", "CVE-2018-4319", "CVE-2018-4323", "CVE-2018-4328", "CVE-2018-4345", "CVE-2018-4358", "CVE-2018-4359", "CVE-2018-4361", "CVE-2018-4372", "CVE-2018-4373", "CVE-2018-4375", "CVE-2018-4376", "CVE-2018-4378", "CVE-2018-4382", "CVE-2018-4386", "CVE-2018-4392", "CVE-2018-4416", "CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2019-01-23T00:00:00", "id": "OPENSUSE-SU-2019:0081-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N3LMCXDRCX64PDIK6OOJOXY7AAXP7POU/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2018-4299
