cve/2018/CVE-2018-4386.md

### [CVE-2018-4386](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4386)
![](https://img.shields.io/static/v1?label=Product&message=iOS%2C%20tvOS%2C%20watchOS%2C%20Safari%2C%20%20iTunes%20for%20Windows%2C%20iCloud%20for%20Windows&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20maliciously%20crafted%20web%20content%20may%20lead%20to%20arbitrary%20code%20execution&color=brighgreen)

### Description

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

### POC

#### Reference
- http://packetstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Fire30/bad_hoist
- https://github.com/Francesco146/Francesco146.github.io
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/otravidaahora2t/js-vuln-db
- https://github.com/tunz/js-vuln-db