CVE-2018-4314

HIGH

Safari < 12 - Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4314. PoCs published by Google Security Research.

AI-analyzed exploit summary This is a proof-of-concept exploit for a use-after-free vulnerability in WebKit (CVE-2018-4314). The PoC triggers the vulnerability by manipulating SVG and HTML elements, leading to a heap-use-after-free condition, as confirmed by the included AddressSanitizer (ASan) log.

Description

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldosmultiple

https://www.exploit-db.com/exploits/45480

View Code ZIP pw:eip

This is a proof-of-concept exploit for a use-after-free vulnerability in WebKit (CVE-2018-4314). The PoC triggers the vulnerability by manipulating SVG and HTML elements, leading to a heap-use-after-free condition, as confirmed by the included AddressSanitizer (ASan) log.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebKit (affecting Safari and other WebKit-based browsers)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →