CVE-2018-4323

HIGH

Safari < 12 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4323. PoCs published by Google Security Research.

AI-analyzed exploit summary This is a use-after-free vulnerability in WebKit, confirmed on Safari 11.1.1 and WebKit revision 233419. The PoC triggers a heap-use-after-free in the WebCore::LayoutUnit::rawValue() function, leading to potential remote code execution.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldosmultiple
https://www.exploit-db.com/exploits/45484

This is a use-after-free vulnerability in WebKit, confirmed on Safari 11.1.1 and WebKit revision 233419. The PoC triggers a heap-use-after-free in the WebCore::LayoutUnit::rawValue() function, leading to potential remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebKit (Safari 11.1.1 and WebKit revision 233419)
No auth needed
Prerequisites: Victim must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209141
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209140
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209107
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209106
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209109

Scores

CVSS v3 8.8
EPSS 0.2004
EPSS Percentile 95.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (5)
apple/icloud < 7.7
apple/iphone_os < 12.0
apple/itunes < 12.9
apple/safari < 12
apple/tvos < 12
Published Apr 03, 2019
Tracked Since Feb 18, 2026