5
MEDIUM

CVE-2018-4277

Published: 11/01/2019 Updated: 08/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

In iOS prior to 11.4.1, watchOS prior to 4.3.2, tvOS prior to 11.4.1, Safari prior to 11.1.1, macOS High Sierra prior to 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vulnerability Trend

Affected Products

Vendor Product Versions
AppleSafari-, 1.0, 1.0.0, 1.0.0b1, 1.0.0b2, 1.0.1, 1.0.2, 1.0.3, 1.0b1, 1.1, 1.1.0, 1.1.1, 1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3, 1.3.0, 1.3.1, 1.3.2, 2, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3, 3.0, 3.0.0, 3.0.0b, 3.0.1, 3.0.1b, 3.0.2, 3.0.2b, 3.0.3, 3.0.3b, 3.0.4, 3.0.4b, 3.1.0, 3.1.0b, 3.1.1, 3.1.1b, 3.1.2, 3.1.2b, 3.2.0, 3.2.0b, 3.2.1, 3.2.1b, 3.2.2, 3.2.2b, 4.0, 4.0.0b, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1, 4.1.1, 4.1.2, 5.0, 5.0.1, 5.0.2, 5.0.4, 5.0.5, 5.0.6, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.2.4, 6.2.5, 6.2.6, 6.2.8, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.1, 7.1.4, 7.1.5, 7.1.6, 7.1.8, 8.0, 8.0.4, 8.0.5, 8.0.6, 8.0.8, 9.0.1, 9.0.2, 9.0.3, 9.1, 9.1.1, 9.1.3, 10.0.3, 10.1, 10.1.1, 10.1.2, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.1
AppleIphone Os1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.2, 2.2.1, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.2.1, 3.2.2, 4.0, 4.0.1, 4.0.2, 4.1, 4.2.1, 4.2.5, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.5, 5.0, 5.0.1, 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.1, 7.1.1, 7.1.2, 8.0, 8.0.1, 8.0.2, 8.1, 8.1.2, 8.1.3, 8.2, 8.3, 8.4.1, 9.0, 9.0.1, 9.0.2, 9.1, 9.2, 9.2.1, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.1, 10.1.1, 10.2, 10.2.1, 10.3, 10.3.1, 10.3.2, 10.3.3, 11, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.1, 11.1.1, 11.1.2, 11.2, 11.2.1, 11.2.2, 11.2.5, 11.2.6, 11.3, 11.3.1, 11.4
AppleMac Os X-, 10.0, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.1, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.3, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9, 10.4, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8, 10.4.9, 10.4.10, 10.4.11, 10.5, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5, 10.5.6, 10.5.7, 10.5.8, 10.6.0, 10.6.1, 10.6.2, 10.6.3, 10.6.4, 10.6.5, 10.6.6, 10.6.7, 10.6.8, 10.7.0, 10.7.1, 10.7.2, 10.7.3, 10.7.4, 10.7.5, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.9, 10.9.1, 10.9.2, 10.9.3, 10.9.4, 10.9.5, 10.10.0, 10.10.1, 10.10.2, 10.10.3, 10.10.4, 10.10.5, 10.11.0, 10.11.1, 10.11.2, 10.11.3, 10.11.4, 10.11.5, 10.11.6, 10.12, 10.12.0, 10.12.1, 10.12.2, 10.12.3, 10.12.4, 10.12.5, 10.12.6, 10.13, 10.13.0, 10.13.1, 10.13.2, 10.13.3, 10.13.4, 10.13.5
AppleTvos1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 3.0.0, 3.0.1, 3.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.4.0, 4.4.2, 4.4.3, 4.4.4, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.1, 6.1.2, 6.2, 6.2.1, 7.0, 7.0.1, 7.0.3, 7.1, 9.0, 9.0.1, 9.1, 9.1.1, 9.2, 9.2.1, 9.2.2, 10.0, 10.0.1, 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2, 11, 11.0, 11.1, 11.2, 11.2.1, 11.2.6, 11.3
AppleWatchos1.0, 1.0.1, 2.0, 2.0.1, 2.1, 2.2, 2.2.0, 2.2.1, 2.2.2, 3.0, 3.1, 3.1.1, 3.1.3, 3.2, 3.2.2, 3.2.3, 4, 4.0, 4.0.1, 4.1, 4.2.3, 4.3, 4.3.1

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availabl ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-2 watchOS 432 watchOS 432 is now available and addresses the following: CFNetwork Available for: All Apple Watch models Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks CVE-2018-4293: an anonymous res ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address the following: AMD Available for: macOS High Sierra 1 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address the following: AMD Available for: macOS High Sierra 1 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availabl ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-1 iOS 1141 iOS 1141 is now available and addresses the following: CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improv ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-1 iOS 1141 iOS 1141 is now available and addresses the following: CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improv ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-3 tvOS 1141 tvOS 1141 is now available and addresses the following: CFNetwork Available for: Apple TV 4K and Apple TV (4th generation) Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks CVE-2018-4293: a ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-2 watchOS 432 watchOS 432 is now available and addresses the following: CFNetwork Available for: All Apple Watch models Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks CVE-2018-4293: an anonymous res ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-3 tvOS 1141 tvOS 1141 is now available and addresses the following: CFNetwork Available for: Apple TV 4K and Apple TV (4th generation) Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks CVE-2018-4293: a ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availa ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10136, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10136, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Availa ...

References