CVE-2018-4278
Summary
| CVE | CVE-2018-4278 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-11 18:29:00 UTC |
| Updated | 2023-11-07 02:58:00 UTC |
| Description | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | Icloud | All | All | All | All |
| Application | Apple | Icloud | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Application | Apple | Itunes | All | All | All | All |
| Application | Apple | Itunes | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Page Not Found - Official Apple Support | MISC | support.apple.com | Broken Link, Vendor Advisory |
| Page Not Found - Official Apple Support | support.apple.com | ||
| Page Not Found - Official Apple Support | support.apple.com | ||
| Page Not Found - Official Apple Support | support.apple.com | ||
| Page Not Found - Official Apple Support | MISC | support.apple.com | Broken Link, Vendor Advisory |
| Page Not Found - Official Apple Support | MISC | support.apple.com | Broken Link, Vendor Advisory |
| Apple iOS Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, and Spoof URLs, Remote and Local Users Obtain Potentially Sensitive Information, and Let Applications Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| IBM X-Force Exchange | MISC | exchange.xforce.ibmcloud.com | Third Party Advisory |
| About the security content of iCloud for Windows 7.6 - Apple Support | CONFIRM | support.apple.com | Vendor Advisory |
| USN-3743-1: WebKitGTK+ vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| WebkitGTK+: Multiple vulnerabilities (GLSA 201808-04) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| Page Not Found - Official Apple Support | support.apple.com | ||
| Page Not Found - Official Apple Support | MISC | support.apple.com | Broken Link, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710228 Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 201808-04)