CVE-2018-4440: Input Validation

Q: What is CVE-2018-4440?

CVE-2018-4440 is a vulnerability in Safari that was addressed with improved state management.

Q: Which versions of Safari are affected by CVE-2018-4440?

Versions prior to Safari 12.0.2 are affected by CVE-2018-4440.

Q: Which versions of iOS are affected by CVE-2018-4440?

Versions prior to iOS 12.1.1 are affected by CVE-2018-4440.

Q: Is iCloud for Windows affected by CVE-2018-4440?

Yes, iCloud for Windows versions up to 7.9 are affected by CVE-2018-4440.

Q: How can I fix CVE-2018-4440?

To fix CVE-2018-4440, update your Safari to version 12.0.2 or later, update your iOS to version 12.1.1 or later, update your iCloud for Windows to version 7.9 or later.

Published Dec 5, 2018

Updated

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

Other sources

Safari. A logic issue was addressed with improved state management.

Credit

Wenxu Wu(Tencent Security Xuanwu Lab)

Affected Software

9 affected componentsFixes available

Apple iCloud for Windows<7.9

7.9

Apple iTunes for Windows<12.9.2

12.9.2

Apple Safari<12.0.2

12.0.2

Apple iOS<12.1.1

12.1.1

Apple Safari<12.0.2

Apple iPhone OS<12.1.1

Apple iCloud<7.9

Apple iTunes<12.9.2

Microsoft Windows

Event History

Apr 3, 2019

CVE Published

via MITRE·05:43 PM

Data Sourced

via MITRE·05:43 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4440?

CVE-2018-4440 is a vulnerability in Safari that was addressed with improved state management.

Which versions of Safari are affected by CVE-2018-4440?