CVE-2018-4311 — Sensitive Information Exposure in Apple Icloud

CWE-200 — Sensitive Information Exposure11 documents7 sources

Severity

8.1HIGHNVD

EPSS

0.5%

top 36.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud Apple Iphone OS Apple Itunes +2 more

Timeline

PublishedApr 3

Latest updateMay 14

Description

The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

▶NVDapple/icloud< 7.7

▶NVDapple/itunes< 12.9

▶NVDapple/safari< 12

▶NVDapple/watchos< 5.0

▶NVDapple/iphone_os< 12.0

🔴Vulnerability Details

GHSA

GHSA-8xvx-25f3-w9x7: The issue was addressed by removing origin information↗2022-05-14

▶

CVEList

CVE-2018-4311: The issue was addressed by removing origin information↗2019-04-03

▶

OSV

CVE-2018-4311: The issue was addressed by removing origin information↗2019-04-03

▶

📋Vendor Advisories

Apple

CVE-2018-4311: iCloud for Windows 7.7↗2018-10-08

▶

Ubuntu

WebKitGTK+ vulnerabilities↗2018-10-03

▶

Apple

CVE-2018-4311: watchOS 5↗2018-09-17

▶

Apple

CVE-2018-4311: Safari 12↗2018-09-17

▶

Apple

CVE-2018-4311: iOS 12↗2018-09-17

▶