How severe is CVE-2018-4246?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-4246?

This is classified as CWE-704, which is a common weakness in software security.

CVE-2018-4246 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.

Related Vulnerabilities

CVE-2010-1822

HIGH

CVSS:8.8(High)

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to e...

CWE-7042010

CVE-2011-1805

HIGH

CVSS:8.8(High)

Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-7042011

CVE-2016-5161

HIGH

CVSS:8.8(High)

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishan...

CWE-7042016

CVE-2016-5263

HIGH

CVSS:8.8(High)

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code...

CWE-7042016

CVE-2016-7860

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016

CVE-2016-7861

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016