CVE-2018-4117 — Sensitive Information Exposure in Apple Icloud

CWE-200 — Sensitive Information Exposure15 documents9 sources

Severity

6.5MEDIUMNVD

EPSS

1.0%

top 23.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud Apple Iphone OS Apple Itunes +8 more

Timeline

PublishedApr 3

Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

▶NVDapple/icloud< 7.4

▶NVDapple/itunes< 12.7.4

▶NVDapple/safari< 11.1

▶NVDapple/watchos< 4.3

▶NVDapple/iphone_os< 11.3

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-m8xg-hqfh-frp5: An issue was discovered in certain Apple products↗2022-05-14

▶

CVEList

CVE-2018-4117: An issue was discovered in certain Apple products↗2018-04-03

▶

OSV

CVE-2018-4117: An issue was discovered in certain Apple products↗2018-04-03

▶

📋Vendor Advisories

Red Hat

chromium-browser: Cross origin information leak in Blink↗2018-07-24

▶

Ubuntu

WebKitGTK+ vulnerabilities↗2018-04-30

▶

Apple

CVE-2018-4117: watchOS 4.3↗2018-03-29

▶

Apple

CVE-2018-4117: iOS 11.3↗2018-03-29

▶

Apple

CVE-2018-4117: iTunes 12.7.4 for Windows↗2018-03-29

▶

💬Community

Bugzilla

CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-↗2018-07-25

▶

Bugzilla

CVE-2018-4117 chromium-browser: Cross origin information leak in Blink↗2018-07-25

▶

Bugzilla

▶