CVE-2018-4209
HIGHSafari < 11.1 - Denial of Service via Unexpected Interaction
Title source: llmDescription
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
References (13)
Core 13
Core References
Vendor Advisory
https://support.apple.com/en-us/HT208693
Vendor Advisory
https://support.apple.com/en-us/HT208695
Vendor Advisory
https://support.apple.com/en-us/HT208696
Vendor Advisory
https://support.apple.com/en-us/HT208697
Vendor Advisory
https://support.apple.com/en-us/HT208698
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208695%2C
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208697%2C
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208696%2C
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3781-1/
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208698%2C
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201812-04
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208694
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208693%2C
Scores
CVSS v3
8.8
EPSS
0.0066
EPSS Percentile
71.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (8)
apple/icloud
< 7.4
apple/iphone_os
< 11.3
apple/itunes
< 12.7.4
apple/safari
< 11.1
apple/tvos
< 11.3
apple/watchos
< 4.3
canonical/ubuntu_linux
18.04
webkit/webkitgtk\+
< 2.22.0
Published
Jan 11, 2019
Tracked Since
Feb 18, 2026