CVE-2018-4443

HIGH EXPLOITED

Safari < 12.0.2 - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2018-4443 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Google Security Research.

AI-analyzed exploit summary The exploit leverages a type confusion vulnerability in JavaScriptCore (CVE-2018-4443) where `structure->indexingType()` incorrectly masks the CopyOnWrite flag, allowing writes to immutable butterflies. This leads to a use-after-free (UaF) condition, demonstrated via two PoCs manipulating array structures.

Description

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldosmultiple

https://www.exploit-db.com/exploits/46071

View Code ZIP pw:eip

The exploit leverages a type confusion vulnerability in JavaScriptCore (CVE-2018-4443) where `structure->indexingType()` incorrectly masks the CopyOnWrite flag, allowing writes to immutable butterflies. This leads to a use-after-free (UaF) condition, demonstrated via two PoCs manipulating array structures.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebKit JavaScriptCore (Safari, other WebKit-based browsers)

No auth needed

Prerequisites: Target must run JavaScriptCore with `--useConcurrentJIT=false`

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →