Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-4306. PoCs published by Google Security Research.
AI-analyzed exploit summary This is a use-after-free vulnerability in WebKit, triggered by manipulating DOM elements and event handlers. The PoC demonstrates memory corruption via a heap-use-after-free, confirmed with an ASan log.
Description
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · htmldosmultiple
https://www.exploit-db.com/exploits/45482
This is a use-after-free vulnerability in WebKit, triggered by manipulating DOM elements and event handlers. The PoC demonstrates memory corruption via a heap-use-after-free, confirmed with an ASan log.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
WebKit revision 233006 on macOS
No auth needed
Prerequisites:
Victim must visit a malicious webpage
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209141
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209140
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209107
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209106
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209109
Scores
CVSS v3
8.8
EPSS
0.2004
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (5)
apple/icloud
< 7.7
apple/iphone_os
< 12.0
apple/itunes
< 12.9
apple/safari
< 12
apple/tvos
< 12
Published
Apr 03, 2019
Tracked Since
Feb 18, 2026