Search for vulnerabilities
| Vulnerability ID | VCID-e3ue-xqxr-aaak |
| Aliases |
CVE-2018-4233
|
| Summary | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 7.9 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |
| Data source | Exploit-DB |
|---|---|
| Date added | Dec. 14, 2018 |
| Description | Safari - Proxy Object Type Confusion (Metasploit) |
| Ransomware campaign use | Known |
| Source publication date | Dec. 14, 2018 |
| Exploit type | remote |
| Platform | macos |
| Source update date | Dec. 14, 2018 |
| Source URL | https://raw.githubusercontent.com/rapid7/metasploit-framework/cc7cb7302ef43478292f684f473fadb00f9b4344/modules/exploits/osx/browser/safari_proxy_object_type_confusion.rb |
| Data source | Metasploit |
|---|---|
| Description | This module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion (CVE-2018-4233). The JIT region is then replaced with shellcode which loads the second stage. The second stage exploits a logic error in libxpc, which uses command execution via the launchd's "spawn_via_launchd" API (CVE-2018-4404). |
| Note | {}
|
| Ransomware campaign use | Unknown |
| Source publication date | March 15, 2018 |
| Platform | OSX |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/osx/browser/safari_proxy_object_type_confusion.rb |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.88357 |
| EPSS Score | 0.01760 |
| Published At | Nov. 1, 2024, midnight |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| There are no relevant records. | ||||