Search for vulnerabilities
Vulnerability details: VCID-99k3-nxap-g3au
Vulnerability ID VCID-99k3-nxap-g3au
Aliases CVE-2018-4233
Summary An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3.1 8.8 http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html
ssvc Track* http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
epss 0.89144 https://api.first.org/data/v1/epss?cve=CVE-2018-4233
cvssv3 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2018-4233
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-4233
cvssv3.1 8.8 https://security.gentoo.org/glsa/201808-04
ssvc Track* https://security.gentoo.org/glsa/201808-04
cvssv3.1 8.8 https://support.apple.com/HT208848
ssvc Track* https://support.apple.com/HT208848
cvssv3.1 8.8 https://support.apple.com/HT208850
ssvc Track* https://support.apple.com/HT208850
cvssv3.1 8.8 https://support.apple.com/HT208851
ssvc Track* https://support.apple.com/HT208851
cvssv3.1 8.8 https://support.apple.com/HT208852
ssvc Track* https://support.apple.com/HT208852
cvssv3.1 8.8 https://support.apple.com/HT208853
ssvc Track* https://support.apple.com/HT208853
cvssv3.1 8.8 https://support.apple.com/HT208854
ssvc Track* https://support.apple.com/HT208854
cvssv3.1 8.8 https://usn.ubuntu.com/3687-1/
ssvc Track* https://usn.ubuntu.com/3687-1/
cvssv3.1 8.8 https://www.exploit-db.com/exploits/45998/
ssvc Track* https://www.exploit-db.com/exploits/45998/
cvssv3.1 8.8 http://www.securitytracker.com/id/1041029
ssvc Track* http://www.securitytracker.com/id/1041029
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-4233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4233
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1041029 http://www.securitytracker.com/id/1041029
201808-04 https://security.gentoo.org/glsa/201808-04
45998 https://www.exploit-db.com/exploits/45998/
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233
HT208848 https://support.apple.com/HT208848
HT208850 https://support.apple.com/HT208850
HT208851 https://support.apple.com/HT208851
HT208852 https://support.apple.com/HT208852
HT208853 https://support.apple.com/HT208853
HT208854 https://support.apple.com/HT208854
Safari-Webkit-Proxy-Object-Type-Confusion.html http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html
USN-3687-1 https://usn.ubuntu.com/3687-1/
Data source Exploit-DB
Date added Dec. 14, 2018
Description Safari - Proxy Object Type Confusion (Metasploit)
Ransomware campaign use Known
Source publication date Dec. 14, 2018
Exploit type remote
Platform macos
Source update date Dec. 14, 2018
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/cc7cb7302ef43478292f684f473fadb00f9b4344/modules/exploits/osx/browser/safari_proxy_object_type_confusion.rb
Data source Metasploit
Description This module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The JIT region is then replaced with shellcode which loads the second stage. The second stage exploits a logic error in libxpc, which uses command execution via the launchd's "spawn_via_launchd" API (CVE-2018-4404).
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date March 15, 2018
Platform OSX
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/osx/browser/safari_proxy_object_type_confusion.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-4233
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-4233
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201808-04
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://security.gentoo.org/glsa/201808-04
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT208848
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://support.apple.com/HT208848
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT208850
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://support.apple.com/HT208850
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT208851
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://support.apple.com/HT208851
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT208852
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://support.apple.com/HT208852
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT208853
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://support.apple.com/HT208853
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT208854
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://support.apple.com/HT208854
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/3687-1/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://usn.ubuntu.com/3687-1/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/45998/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at https://www.exploit-db.com/exploits/45998/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1041029
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-03T13:13:53Z/ Found at http://www.securitytracker.com/id/1041029
Exploit Prediction Scoring System (EPSS)
Percentile 0.99506
EPSS Score 0.89144
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:22.308564+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/3687-1/ 37.0.0