CVE-2018-4271: Input Validation

Q: What is CVE-2018-4271?

CVE-2018-4271 is a vulnerability in WebKit that leads to multiple memory corruption issues due to improved input validation.

Q: Which software versions are affected by CVE-2018-4271?

Versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6 are affected by CVE-2018-4271.

Q: What is the severity of CVE-2018-4271?

CVE-2018-4271 has a severity rating of 6.5, which is considered medium.

Q: How can I fix CVE-2018-4271?

To fix CVE-2018-4271, you should update your software to iOS 11.4.1 or later, tvOS 11.4.1 or later, watchOS 4.3.2 or later, Safari 11.1.2 or later, iTunes 12.8 or later for Windows, and iCloud for Windows 7.6 or later.

Q: Where can I find more information about CVE-2018-4271?

You can find more information about CVE-2018-4271 on the Apple Support website: [https://support.apple.com/en-us/HT208936](https://support.apple.com/en-us/HT208936), [https://support.apple.com/en-us/HT208932](https://support.apple.com/en-us/HT208932), [https://support.apple.com/en-us/HT208935](https://support.apple.com/en-us/HT208935).

Published Jul 9, 2018

Updated

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Other sources

WebKit. Multiple memory corruption issues were addressed with improved input validation.

Credit

found by OSS-Fuzz

Affected Software

13 affected componentsFixes available

Apple tvOS<11.4.1

11.4.1

Apple WatchOS<4.3.2

4.3.2

Apple iCloud for Windows<7.6

7.6

Apple iTunes for Windows<12.8

12.8

Apple Safari<11.1.2

11.1.2

Apple iOS<11.4.1

11.4.1

Apple Safari<11.1.2

Apple iPhone OS<11.4.1

Apple tvOS<11.4.1

Apple WatchOS<4.3.2

Apple iCloud<7.6

Apple iTunes<12.8

Microsoft Windows

Event History

Apr 3, 2019

CVE Published

via MITRE·05:43 PM

Data Sourced

via MITRE·05:43 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4271?

CVE-2018-4271 is a vulnerability in WebKit that leads to multiple memory corruption issues due to improved input validation.

Which software versions are affected by CVE-2018-4271?