A single mouse click bypass all system security
Sometimes in ordinary software, and this is a browser, there are such very serious security errors that it is hard to believe. If you have not upgraded your Apple devices to the latest version 11.4 or have not updated other Apple products, please do so as soon as possible. CVE-2018-4192 vulnerability allows remote code execution with one mouse click on an infected web page. In addition to the entire system, other products that use the WebKit engine to display websites in various software (not necessarily in the browser) are vulnerable. So the applications are vulnerable:
- Safari before version 11.1.1.
- iCloud for Windows by version 7.5.
- iTunes for Windows before version 12.7.5.
- tvOS older than 11.4.
- watchOS older than 4.3.1.
Markus Gaasedelen, Nick Burnett and Patrick Biernat of Ret2 Systems as part of the Trend Micro 'Zero Day Initiative' program demonstrated the vulnerability of CVE-2018-4192 at the Pwn2Own 2018 conference in June 2018. The vulnerability is simple to use, but the malicious code does not work every time. Out of 1000 attempts to launch explita, 95% of cases were successful. At the conference in the presented attack, the exploit worked 3 times for 4 attempts.
Apple devices with system version 11.4 and the applications mentioned above are no longer vulnerable to this attack (provided that they have been updated).
Add new comment
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.