CVE-2018-4319 — Origin Validation Error in Apple Icloud

CWE-346 — Origin Validation Error11 documents7 sources

Severity

8.1HIGHNVD

EPSS

0.3%

top 45.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud Apple Iphone OS Apple Itunes +1 more

Timeline

PublishedApr 3

Latest updateMay 13

Description

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶NVDapple/icloud< 7.7

▶NVDapple/itunes< 12.9

▶NVDapple/safari< 12

▶NVDapple/iphone_os< 12.0

🔴Vulnerability Details

GHSA

GHSA-hgf5-w332-962x: A cross-origin issue existed with "iframe" elements↗2022-05-13

▶

OSV

CVE-2018-4319: A cross-origin issue existed with "iframe" elements↗2019-04-03

▶

CVEList

CVE-2018-4319: A cross-origin issue existed with "iframe" elements↗2019-04-03

▶

📋Vendor Advisories

Apple

CVE-2018-4319: iCloud for Windows 7.7↗2018-10-08

▶

Ubuntu

WebKitGTK+ vulnerabilities↗2018-10-03

▶

Apple

CVE-2018-4319: Safari 12↗2018-09-17

▶

Apple

CVE-2018-4319: iOS 12↗2018-09-17

▶

Apple

CVE-2018-4319: watchOS 5↗2018-09-17

▶