Multiple vulnerabilities in Apple iCloud
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-4088 CVE-2018-4096 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
iCloud for Windows Client/Desktop applications / Other client software |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU10201
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-4088
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the WebKit component when processing maliciously crafted web content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3.
Vulnerable software versionsiCloud for Windows: 6.0.0 - 7.2
CPE2.3- cpe:2.3:a:apple:icloud_for_windows:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud_for_windows:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud_for_windows:6.1.0:*:*:*:*:*:*:*
https://support.apple.com/en-us/HT208473
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU10203
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-4096
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the WebKit component when processing maliciously crafted web content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.3.
Vulnerable software versionsiCloud for Windows: 6.0.0 - 7.2
CPE2.3- cpe:2.3:a:apple:icloud_for_windows:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud_for_windows:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud_for_windows:6.1.0:*:*:*:*:*:*:*
https://support.apple.com/en-us/HT208473
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
