CVE-2018-4110

CRITICAL

iPhone OS < 11.3 - Cookie Persistence Restriction Bypass in Web App

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4110. PoCs published by bencompton.

AI-analyzed exploit summary This repository documents an intermittent issue with cookie persistence in iOS 11 home screen web apps, where cookies may not persist or expire as expected. It provides steps to reproduce the behavior but does not include exploit code.

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence.

Exploits (1)

nomisec WRITEUP 4 stars

by bencompton · poc

https://github.com/bencompton/ios11-cookie-set-expire-issue

View Code ZIP pw:eip

This repository documents an intermittent issue with cookie persistence in iOS 11 home screen web apps, where cookies may not persist or expire as expected. It provides steps to reproduce the behavior but does not include exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: iOS 11

No auth needed

Prerequisites: iOS 11 device · Mobile Safari · Home screen web app

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040604

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT208693

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103578

Scores

CVSS v3 9.8

EPSS 0.0393

EPSS Percentile 89.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

apple/iphone_os < 11.3

Published Apr 03, 2018

Tracked Since Feb 18, 2026