CVE-2018-4442

HIGH

Safari < 12.0.2 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4442. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a Use-after-Free (UaF) vulnerability in JavaScriptCore (WebKit) by manipulating garbage collection via rope strings. The exploit triggers a UaF condition by forcing garbage collection during string operations, leading to memory corruption.

Description

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdosmultiple

https://www.exploit-db.com/exploits/46183

View Code ZIP pw:eip

This PoC exploits a Use-after-Free (UaF) vulnerability in JavaScriptCore (WebKit) by manipulating garbage collection via rope strings. The exploit triggers a UaF condition by forcing garbage collection during string operations, leading to memory corruption.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: WebKit JavaScriptCore (Safari, other WebKit-based browsers)

No auth needed

Prerequisites: WebKit-based browser with vulnerable JavaScriptCore

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →