CVE-2018-4293

Published: 03/04/2019 Updated: 05/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 481
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apple macOS Sierra could allow a local malicious user to bypass security restrictions, caused by a cookie management issue in the CFNetwork component. By using a specially-crafted application, an attacker could exploit this vulnerability to allow cookies to unexpectedly persist in Safari.

Affected Products

Vendor | Product | Versions
Apple | iCloud | 5.2.1, 6.0, 6.0.1, 6.1, 6.1.1, 6.2, 6.2.2, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5
Apple | iTunes | -, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.5, 4.5.0, 4.6, 4.6.0, 4.7, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.9.0, 5.0, 5.0.0, 5.0.1, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.2.0, 7.3.0, 7.3.1, 7.3.2, 7.4, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.5, 7.5.0, 7.6, 7.6.0, 7.6.1, 7.6.2, 7.7, 7.7.0, 7.7.1, 8.0.0, 8.0.1, 8.1, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.1, 9.1.1, 9.2, 9.2.1, 10.0, 10.0.1, 10.1, 10.1.1, 10.1.1.4, 10.1.2, 10.2, 10.2.2.12, 10.3, 10.3.1, 10.4, 10.4.0.80, 10.4.1, 10.4.1.10, 10.5, 10.5.1, 10.5.1.42, 10.5.2, 10.5.3, 10.6, 10.6.1, 10.6.3, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.1, 11.1.1, 11.1.2, 11.1.3, 11.1.4, 11.1.5, 11.2, 11.2.1, 12.0, 12.0.1, 12.1, 12.1.1, 12.1.2, 12.1.3, 12.2, 12.2.1, 12.2.2, 12.3, 12.3.0, 12.3.1, 12.4, 12.4.1, 12.4.2, 12.4.3, 12.5, 12.5.1, 12.5.2, 12.5.3, 12.5.4, 12.5.5, 12.6, 12.6.1, 12.6.2, 12.6.3, 12.7, 12.7.1, 12.7.2, 12.7.3, 12.7.4, 12.7.5
Apple | iPhone OS | 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.2, 2.2.1, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.2, 3.2.1, 3.2.2, 4.0, 4.0.1, 4.0.2, 4.1, 4.2.1, 4.2.5, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.5, 5.0, 5.0.1, 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.1, 7.1.1, 7.1.2, 8.0, 8.0.1, 8.0.2, 8.1, 8.1.2, 8.1.3, 8.2, 8.3, 8.4.1, 9.0, 9.0.1, 9.0.2, 9.1, 9.2, 9.2.1, 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.1, 10.1.1, 10.2, 10.2.1, 10.3, 10.3.1, 10.3.2, 10.3.3, 11, 11.0, 11.0.1, 11.0.2, 11.0.3, 11.1, 11.1.1, 11.1.2, 11.2, 11.2.1, 11.2.2, 11.2.5, 11.2.6, 11.3, 11.3.1, 11.4
Apple | Mac OS X | -, 10.0, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.1, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.2, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.2.8, 10.3, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9, 10.4, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8, 10.4.9, 10.4.10, 10.4.11, 10.5, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5, 10.5.6, 10.5.7, 10.5.8, 10.6.0, 10.6.1, 10.6.2, 10.6.3, 10.6.4, 10.6.5, 10.6.6, 10.6.7, 10.6.8, 10.7.0, 10.7.1, 10.7.2, 10.7.3, 10.7.4, 10.7.5, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.9, 10.9.1, 10.9.2, 10.9.3, 10.9.4, 10.9.5, 10.10.0, 10.10.1, 10.10.2, 10.10.3, 10.10.4, 10.10.5, 10.11.0, 10.11.1, 10.11.2, 10.11.3, 10.11.4, 10.11.5, 10.11.6, 10.12, 10.12.0, 10.12.1, 10.12.2, 10.12.3, 10.12.4, 10.12.5, 10.12.6, 10.13, 10.13.0, 10.13.1, 10.13.2, 10.13.3, 10.13.4, 10.13.5
Apple | tvOS | 1.0.0, 1.1.0, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 3.0.0, 3.0.1, 3.0.2, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.4.0, 4.4.2, 4.4.3, 4.4.4, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.2.0, 6.0, 6.0.1, 6.0.2, 6.1, 6.1.1, 6.1.2, 6.2, 6.2.1, 7.0, 7.0.1, 7.0.3, 7.1, 9.0, 9.0.1, 9.1, 9.1.1, 9.2, 9.2.1, 9.2.2, 10.0, 10.0.1, 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2, 11, 11.0, 11.1, 11.2, 11.2.1, 11.2.6, 11.3
Apple | watchOS | 1.0, 1.0.1, 2.0, 2.0.1, 2.1, 2.2, 2.2.0, 2.2.1, 2.2.2, 3.0, 3.1, 3.1.1, 3.1.3, 3.2, 3.2.2, 3.2.3, 4, 4.0, 4.0.1, 4.1, 4.2.3, 4.3, 4.3.1

Vendor Advisories

About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...

Mailing Lists

APPLE-SA-2018-7-9-2 watchOS 4.3.2. watchOS 4.3.2 is now available and addresses the following: CFNetwork. Available for: All Apple Watch models. Impact: Cookies may unexpectedly persist in Safari. Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous res ...
APPLE-SA-2018-7-9-6 iCloud for Windows 7.6. iCloud for Windows 7.6 is now available and addresses the following: CFNetwork. Available for: Windows 7 and later. Impact: Cookies may unexpectedly persist in Safari. Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: a ...
APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD. Availabl ...
APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address the following: AMD. Available for: macOS High Sierra 1 ...
APPLE-SA-2018-7-9-1 iOS 11.4.1. iOS 11.4.1 is now available and addresses the following: CFNetwork. Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. Impact: Cookies may unexpectedly persist in Safari. Description: A cookie management issue was addressed with improv ...
APPLE-SA-2018-7-9-7 iTunes 12.8 for Windows. iTunes 12.8 for Windows is now available and addresses the following: CFNetwork. Available for: Windows 7 and later. Impact: Cookies may unexpectedly persist in Safari. Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: ...
APPLE-SA-2018-7-9-3 tvOS 11.4.1. tvOS 11.4.1 is now available and addresses the following: CFNetwork. Available for: Apple TV 4K and Apple TV (4th generation). Impact: Cookies may unexpectedly persist in Safari. Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: a ...
APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan. macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD. Availa ...