Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-4192: Race Condition in Apple iCloud

CWE-362: Race Condition | 14 documents | 8 sources
Severity: 7.5 HIGH (NVD)
EPSS: 30.4% (top 3.29%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jun 8 | Latest update May 14

Description

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (6 packages)

NVD: apple/tvos < 11.4
NVD: apple/icloud < 7.5
NVD: apple/itunes < 12.7.5
NVD: apple/safari < 11.1.1
NVD: apple/watchos < 4.3.1

🔴 Vulnerability Details (3)

GHSA: GHSA-x9pg-hrp7-33qj: An issue was discovered in certain Apple products (2022-05-14)
CVEList: CVE-2018-4192: An issue was discovered in certain Apple products (2018-06-08)
OSV: CVE-2018-4192: An issue was discovered in certain Apple products (2018-06-08)

💥 Exploits & PoCs (2)

Exploit-DB: JavaScript Core - Arbitrary Code Execution (2018-07-11)
Exploit-DB: Awk to Perl 1.007-5 - Buffer Overflow (PoC) (2018-07-11)

📋 Vendor Advisories (7)

Apple: CVE-2018-4192: Safari 11.1.1 (2018-06-01)
Apple: CVE-2018-4192: iCloud for Windows 7.5 (2018-06-01)
Apple: CVE-2018-4192: iTunes 12.7.5 for Windows (2018-05-29)
Apple: CVE-2018-4192: tvOS 11.4 (2018-05-29)
Apple: CVE-2018-4192: iOS 11.4 (2018-05-29)

📄 Research Papers (1)

arXiv: SOK: On the Analysis of Web Browser Security (2021-12-31)