HomePentest-Tools.com Logo

Apple Safari Security Updates(HT208695) CVE-2018-4102CVE-2018-4116CVE-2018-4137CVE-2018-4101CVE-2018-4114CVE-2018-4118CVE-2018-4119CVE-2018-4120CVE-2018-4121CVE-2018-4122CVE-2018-4125CVE-2018-4127CVE-2018-4128CVE-2018-4129CVE-2018-4130CVE-2018-4161CVE-2018-4162CVE-2018-4163CVE-2018-4165CVE-2018-4133CVE-2018-4113CVE-2018-4146CVE-2018-4117

Severity
CVSSv3 Score
8.8
Vulnerability description

Apple Safari is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to: - An inconsistent user interface issue due to insufficient state management. - Safari autofill did not require explicit user interaction before taking place. - Multiple memory corruption issues. - A cross-site scripting due to improper URL validation. - An array indexing issue existed in the handling of a function in javascript core. - A cross-origin issue due to improper input validation. Successful exploitation of this vulnerability will allow remote attackers to conduct address bar spoofing, exfiltrate autofilled data in Safari, execute arbitrary code, conduct cross-site scripting attack, conduct a denial of service and exfiltrate data cross-origin.

Recommendation

Upgrade to Apple Safari 11.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 3, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available