{"api_version":"1","generated_at":"2026-05-04T09:03:04+00:00","cve":"CVE-2018-4209","urls":{"html":"https://cve.report/CVE-2018-4209","api":"https://cve.report/api/cve/CVE-2018-4209.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-4209","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-4209"},"summary":{"title":"CVE-2018-4209","description":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2019-01-11 18:29:00","updated_at":"2023-11-07 02:58:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT208698","name":"https://support.apple.com/en-us/HT208698","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of tvOS 11.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT208696","name":"https://support.apple.com/en-us/HT208696","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of watchOS 4.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT208697","name":"https://support.apple.com/en-us/HT208697","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of iCloud for Windows 7.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208698%2C","name":"https://support.apple.com/HT208698%2C","refsource":"","tags":[],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://support.apple.com/HT208693%2C","name":"https://support.apple.com/HT208693%2C","refsource":"","tags":[],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://usn.ubuntu.com/3781-1/","name":"USN-3781-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3781-1: WebKitGTK+ vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208694","name":"https://support.apple.com/HT208694","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of iTunes 12.7.4 for Windows - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208693,","name":"https://support.apple.com/HT208693,","refsource":"MISC","tags":["Broken Link","Vendor Advisory"],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://support.apple.com/HT208697%2C","name":"https://support.apple.com/HT208697%2C","refsource":"","tags":[],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT208695","name":"https://support.apple.com/en-us/HT208695","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of Safari 11.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT208693","name":"https://support.apple.com/en-us/HT208693","refsource":"MISC","tags":["Vendor Advisory"],"title":"About the security content of iOS 11.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208696%2C","name":"https://support.apple.com/HT208696%2C","refsource":"","tags":[],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/201812-04","name":"GLSA-201812-04","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"WebkitGTK+: Multiple vulnerabilities (GLSA 201812-04) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT208695%2C","name":"https://support.apple.com/HT208695%2C","refsource":"","tags":[],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://support.apple.com/HT208696,","name":"https://support.apple.com/HT208696,","refsource":"MISC","tags":["Broken Link","Vendor Advisory"],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://support.apple.com/HT208695,","name":"https://support.apple.com/HT208695,","refsource":"MISC","tags":["Broken Link","Vendor Advisory"],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://support.apple.com/HT208698,","name":"https://support.apple.com/HT208698,","refsource":"MISC","tags":["Broken Link","Vendor Advisory"],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://support.apple.com/HT208697,","name":"https://support.apple.com/HT208697,","refsource":"MISC","tags":["Broken Link","Vendor Advisory"],"title":"Page Not Found - Official Apple Support","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-4209","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-4209","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webkit","cpe5":"webkitgtk+","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webkit","cpe5":"webkitgtk\\+","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"4209","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webkit","cpe5":"webkitgtk\\+","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-4209","qid":"710249","title":"Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 201812-04)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2018-4209","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://support.apple.com/HT208695,","refsource":"MISC","url":"https://support.apple.com/HT208695,"},{"name":"https://support.apple.com/HT208697,","refsource":"MISC","url":"https://support.apple.com/HT208697,"},{"name":"https://support.apple.com/HT208696,","refsource":"MISC","url":"https://support.apple.com/HT208696,"},{"name":"USN-3781-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3781-1/"},{"name":"https://support.apple.com/HT208698,","refsource":"MISC","url":"https://support.apple.com/HT208698,"},{"name":"GLSA-201812-04","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201812-04"},{"name":"https://support.apple.com/HT208694","refsource":"CONFIRM","url":"https://support.apple.com/HT208694"},{"name":"https://support.apple.com/HT208693,","refsource":"MISC","url":"https://support.apple.com/HT208693,"}]}},"nvd":{"publishedDate":"2019-01-11 18:29:00","lastModifiedDate":"2023-11-07 02:58:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"11.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"11.3","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndExcluding":"7.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndExcluding":"12.7.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:webkit:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.22.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"4209","Ordinal":"120123","Title":"CVE-2018-4209","CVE":"CVE-2018-4209","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"4209","Ordinal":"1","NoteData":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"4209","Ordinal":"2","NoteData":"2019-01-11","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"4209","Ordinal":"3","NoteData":"2019-01-12","Type":"Other","Title":"Modified"}]}}}