CVE-2018-4232
Summary
| CVE | CVE-2018-4232 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-08 18:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | Icloud | All | All | All | All |
| Application | Apple | Icloud | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Application | Apple | Itunes | All | All | All | All |
| Application | Apple | Itunes | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 17.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 17.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Apple Safari Multiple Flaws Let Remote Users Spoof URLs, Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| About the security content of Safari 11.1.1 - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| About the security content of tvOS 11.4 - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| About the security content of iCloud for Windows 7.5 - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| About the security content of iOS 11.4 - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| USN-3687-1: WebKitGTK+ vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| WebkitGTK+: Multiple vulnerabilities (GLSA 201808-04) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| About the security content of iTunes 12.7.5 for Windows - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710228 Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 201808-04)