A single mouse click bypass all system security

Sometimes in ordinary software, and this is a browser, there are such very serious security errors that it is hard to believe. If you have not upgraded your Apple devices to the latest version 11.4 or have not updated other Apple products, please do so as soon as possible. CVE-2018-4192 vulnerability allows remote code execution with one mouse click on an infected web page. In addition to the entire system, other products that use the WebKit engine to display websites in various software (not necessarily in the browser) are vulnerable. So the applications are vulnerable:

  • Safari before version 11.1.1.
  • iCloud for Windows by version 7.5.
  • iTunes for Windows before version 12.7.5.
  • tvOS older than 11.4.
  • watchOS older than 4.3.1.

The problem concerns users of Apple devices and users using Apple software on Windows. The attacker, if he bases the victim's JavaScript code on a malicious website (which is very easy), a link in the software or a link in an email, will be able to steal information, do a DoS attack, execute arbitrary code (or anything at the same time) with root privileges / administrator after the escape of malicious code from the browser's sandbox or from software using the WebKit component.

Markus Gaasedelen, Nick Burnett and Patrick Biernat of Ret2 Systems as part of the Trend Micro 'Zero Day Initiative' program demonstrated the vulnerability of CVE-2018-4192 at the Pwn2Own 2018 conference in June 2018. The vulnerability is simple to use, but the malicious code does not work every time. Out of 1000 attempts to launch explita, 95% of cases were successful. At the conference in the presented attack, the exploit worked 3 times for 4 attempts.

Apple devices with system version 11.4 and the applications mentioned above are no longer vulnerable to this attack (provided that they have been updated).



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.