Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-4382. PoCs published by Google Security Research.
AI-analyzed exploit summary: This PoC exploits a type confusion vulnerability in JavaScriptCore (CVE-2018-4382) by triggering an out-of-bounds read via a crafted getter. The issue arises when the handler for ArrayPushIntrinsic incorrectly assumes the current instruction is an op_call, leading to memory corruption.
Description
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H