CVE-2018-4441: Buffer Overflow

Q: What is CVE-2018-4441?

CVE-2018-4441 is a memory corruption issue in WebKit that has been addressed with improved memory handling.

Q: Which versions are affected by CVE-2018-4441?

CVE-2018-4441 affects versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, and iCloud for Windows 7.9.

Q: How can CVE-2018-4441 be exploited?

CVE-2018-4441 can be exploited through a memory corruption attack in WebKit.

Q: What is the severity of CVE-2018-4441?

CVE-2018-4441 has a severity rating of 8.8 (high).

Q: How do I mitigate CVE-2018-4441?

To mitigate CVE-2018-4441, update to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, or iCloud for Windows 7.9.

Published Dec 5, 2018

Updated

WebKit. A memory corruption issue was addressed with improved memory handling.

Other sources

WebK it. A memory corruption issue was addressed with improved memory handling.

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

Credit

lokihardt(Google Project Zero)

Affected Software

13 affected componentsFixes available

Apple tvOS<12.1.1

12.1.1

Apple WatchOS<5.1.2

5.1.2

Apple iCloud for Windows<7.9

7.9

Apple iTunes for Windows<12.9.2

12.9.2

Apple Safari<12.0.2

12.0.2

Apple iOS<12.1.1

12.1.1

Apple Safari<12.0.2

Apple iPhone OS<12.1.1

Apple tvOS<12.1.1

Apple WatchOS<5.1.2

Apple iCloud<7.9

Apple iTunes<12.9.2

Microsoft Windows

Event History

Apr 3, 2019

CVE Published

via MITRE·05:43 PM

Data Sourced

via MITRE·05:43 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4441?

CVE-2018-4441 is a memory corruption issue in WebKit that has been addressed with improved memory handling.

Which versions are affected by CVE-2018-4441?