PT-2018-16478 · Apple+3 · Itunes For Windows+9

Published

2018-09-12

·

Updated

2019-03-23

·

CVE-2018-4208

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 11.3 Apple Safari versions prior to 11.1 Apple iCloud for Windows versions prior to 7.4 Apple tvOS versions prior to 11.3 Apple watchOS versions prior to 4.3 Apple iTunes for Windows versions prior to 12.7.4
Description The issue is caused by an unexpected interaction that results in an ASSERT failure. This was addressed with improved checks.
Recommendations For iOS versions prior to 11.3, update to version 11.3 or later. For Safari versions prior to 11.1, update to version 11.1 or later. For iCloud for Windows versions prior to 7.4, update to version 7.4 or later. For tvOS versions prior to 11.3, update to version 11.3 or later. For watchOS versions prior to 4.3, update to version 4.3 or later. For iTunes for Windows versions prior to 12.7.4, update to version 12.7.4 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-2308
CVE-2018-4208
OPENSUSE-SU-2019:0081-1
OPENSUSE-SU-2019_0068-1
OPENSUSE-SU-2019_0081-1
SUSE-SU-2019:0059-1
SUSE-SU-2019:0092-1
USN-3781-1
USN-3781-2

Affected Products

Alt Linux
Safari
Suse
Ubuntu
Icloud For Windows
Ios
Itunes
Itunes For Windows
Tvos
Watchos