Vulnerability-Lookup

CVE-2018-4278 (GCVE-0-2018-4278)

Vulnerability from cvelistv5 – Published: 2019-01-11 18:00 – Updated: 2024-08-05 05:11

Summary

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

CNVD-2018-14968

Vulnerability from cnvd - Published: 2018-08-10

Title

Apple iOS信息泄露漏洞（CNVD-2018-14968）

Description

iOS是由苹果公司开发的移动操作系统。 Apple iOS存在信息泄露漏洞，该漏洞是由于WebKit组件中的跨源访问错误所致，攻击者可利用该漏洞获取音频数据。

Severity

中

Patch Name

Apple iOS信息泄露漏洞（CNVD-2018-14968）的补丁

Patch Description

iOS是由苹果公司开发的移动操作系统。 Apple iOS存在信息泄露漏洞，该漏洞是由于WebKit组件中的跨源访问错误所致，攻击者可利用该漏洞获取音频数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/zh-cn/HT201222

Reference

https://securitytracker.com/id/1041232

Impacted products

Name
Apple IOS <11.4.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4278"
    }
  },
  "description": "iOS\u662f\u7531\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u79fb\u52a8\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eWebKit\u7ec4\u4ef6\u4e2d\u7684\u8de8\u6e90\u8bbf\u95ee\u9519\u8bef\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u97f3\u9891\u6570\u636e\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT201222",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14968",
  "openTime": "2018-08-10",
  "patchDescription": "iOS\u662f\u7531\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u79fb\u52a8\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eWebKit\u7ec4\u4ef6\u4e2d\u7684\u8de8\u6e90\u8bbf\u95ee\u9519\u8bef\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u97f3\u9891\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-14968\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apple IOS \u003c11.4.1"
  },
  "referenceLink": "https://securitytracker.com/id/1041232",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-11",
  "title": "Apple iOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-14968\uff09"
}

GSD-2018-4278

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4278

Aliases

CVE-2018-4278

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4278",
    "description": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.",
    "id": "GSD-2018-4278",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-4278.html",
      "https://ubuntu.com/security/CVE-2018-4278",
      "https://advisories.mageia.org/CVE-2018-4278.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4278"
      ],
      "details": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.",
      "id": "GSD-2018-4278",
      "modified": "2023-12-13T01:22:28.234052Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2018-4278",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT208934,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208934,"
          },
          {
            "name": "https://support.apple.com/HT208932",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208932"
          },
          {
            "name": "USN-3743-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3743-1/"
          },
          {
            "name": "GLSA-201808-04",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201808-04"
          },
          {
            "name": "https://support.apple.com/HT208933,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208933,"
          },
          {
            "name": "https://support.apple.com/HT208938,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208938,"
          },
          {
            "name": "https://support.apple.com/HT208936,",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT208936,"
          },
          {
            "name": "1041232",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041232"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.6",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4278"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208938,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208938,"
            },
            {
              "name": "https://support.apple.com/HT208936,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208936,"
            },
            {
              "name": "https://support.apple.com/HT208934,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208934,"
            },
            {
              "name": "https://support.apple.com/HT208933,",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208933,"
            },
            {
              "name": "https://support.apple.com/HT208932",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208932"
            },
            {
              "name": "USN-3743-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3743-1/"
            },
            {
              "name": "GLSA-201808-04",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201808-04"
            },
            {
              "name": "1041232",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041232"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146479",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146479"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-01-11T18:29Z"
    }
  }
}

FKIE_CVE-2018-4278

Vulnerability from fkie_nvd - Published: 2019-01-11 18:29 - Updated: 2024-11-21 04:07

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	http://www.securitytracker.com/id/1041232	Third Party Advisory, VDB Entry
product-security@apple.com	https://security.gentoo.org/glsa/201808-04	Third Party Advisory
product-security@apple.com	https://support.apple.com/HT208932	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT208933%2C
product-security@apple.com	https://support.apple.com/HT208934%2C
product-security@apple.com	https://support.apple.com/HT208936%2C
product-security@apple.com	https://support.apple.com/HT208938%2C
product-security@apple.com	https://usn.ubuntu.com/3743-1/	Third Party Advisory
nvd@nist.gov	https://exchange.xforce.ibmcloud.com/vulnerabilities/146479	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041232	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201808-04	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208932	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208933%2C
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208934%2C
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208936%2C
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208938%2C
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3743-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
apple	safari	*
apple	iphone_os	*
apple	tvos	*
apple	icloud	*
apple	itunes	*
microsoft	windows	*
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B9B534-35A4-49C4-B19C-C18BA185E0C4",
              "versionEndExcluding": "11.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "717822F6-6246-4D7C-BF1E-0A0A2A105B7B",
              "versionEndExcluding": "11.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "232180F0-DF72-4DE7-8DF8-7CE0D7771406",
              "versionEndExcluding": "11.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B45B035E-E267-4CC0-875D-35B45E86A72C",
              "versionEndExcluding": "7.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F3E6C3-A7EA-4F63-A5F2-659FA32766E6",
              "versionEndExcluding": "12.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."
    },
    {
      "lang": "es",
      "value": "En Safari en versiones anteriores a la 11.1.2, iTunes en versiones anteriores a la 12.8 para Windows, iOS en versiones anteriores a la 11.4.1, tvOS en versiones anteriores a la 11.4.1 e iCloud para Windows en versiones anteriores a la 7.6, el sonido capturado mediante elementos de audio podr\u00eda exfiltrarse con or\u00edgenes cruzados. Este problema se abord\u00f3 mediante la mejora del rastreo de la contaminaci\u00f3n de audio."
    }
  ],
  "id": "CVE-2018-4278",
  "lastModified": "2024-11-21T04:07:06.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-11T18:29:02.937",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041232"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201808-04"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208932"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/HT208933%2C"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/HT208934%2C"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/HT208936%2C"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/HT208938%2C"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3743-1/"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201808-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT208933%2C"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT208934%2C"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT208936%2C"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT208938%2C"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3743-1/"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2018-AVI-329

Vulnerability from certfr_avis - Published: 2018-07-10 - Updated: 2018-07-10

De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X El Capitan 10.11.6 sans le correctif de sécurité 2018-004
Apple	N/A	iCloud for Windows versions antérieures à 7.6
Apple	Safari	Safari versions antérieures à 11.1.2
Apple	N/A	watchOS versions antérieures à 4.3.2
Apple	macOS	macOS High Sierra versions antérieures à 10.13.6
Apple	macOS	macOS Sierra versions 10.12.6 sans le correctif de sécurité 2018-004
Apple	N/A	iOS versions antérieures à 11.4.1
Apple	N/A	iTunes versions antérieures à 12.8
Apple	N/A	tvOS versions antérieures à 11.4.1

References

Title

Publication Time

GHSA-9FPC-GM44-7X7Q

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4278"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-11T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.",
  "id": "GHSA-9fpc-gm44-7x7q",
  "modified": "2022-05-13T01:20:15Z",
  "published": "2022-05-13T01:20:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4278"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146479"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201808-04"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208932"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208933,"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208934,"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208936,"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208938,"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3743-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041232"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4278 (GCVE-0-2018-4278)

CNVD-2018-14968

GSD-2018-4278

FKIE_CVE-2018-4278

CERTFR-2018-AVI-329

Solution

GHSA-9FPC-GM44-7X7Q

Tags

Sightings

Nomenclature