CVE-2018-4277 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation7 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 32.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Safari +4 more

Timeline

PublishedJan 11

Latest updateMay 13

Description

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶Appleapple/macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0

▶NVDapple/tvos< 11.4.1

▶NVDapple/safari< 11.1.1

▶NVDapple/watchos< 4.3.2

▶NVDapple/mac_os_x< 10.13.6

🔴Vulnerability Details

GHSA

GHSA-83rq-ppqv-95c6: In iOS before 11↗2022-05-13

▶

📋Vendor Advisories

Apple

CVE-2018-4277: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan↗2018-07-09

▶

Apple

CVE-2018-4277: iOS 11.4.1↗2018-07-09

▶

Apple

CVE-2018-4277: watchOS 4.3.2↗2018-07-09

▶

Apple

CVE-2018-4277: tvOS 11.4.1↗2018-07-09

▶

Apple

CVE-2018-4277: Safari 11.1.1↗2018-06-01

▶