Vulnerability CVE-2018-4278


Published: 2019-01-11

Description:
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

Type:

CWE-254

(Security Features)

Vendor: Apple
Product: Iphone os 
Version:
9.3.5
9.3.4
9.3.3
9.3.2
9.3.1
9.3
9.2.1
9.2
9.1
9.0.2
9.0.1
9.0
8.4.1
8.3
8.2
8.1.3
8.1.2
8.1
8.0.2
8.0.1
8.0
7.1.2
7.1.1
7.1
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
See more versions on NVD
Product: TVOS 
Version:
9.2.2
9.2.1
9.2
9.1.1
9.1
9.0.1
9.0
7.1
7.0.3
See more versions on NVD
Product: Itunes 
Version:
9.2.1
9.2
9.1.1
9.1
9.0.3
9.0.2
9.0.1
9.0.0
8.1
8.0.1
8.0.0
7.7.1
7.7.0
7.7
7.6.2
7.6.1
7.6.0
7.6
7.5.0
7.5
7.4.3
7.4.2
7.4.1
7.4.0
7.4
7.3.2
7.3.1
7.3.0
7.2.0
7.1.1
7.1.0
7.0.2
See more versions on NVD
Product: Safari 
Version:
9.1.3
9.1.1
9.1
9.0.3
9.0.2
9.0.1
8.0.8
8.0.6
8.0.5
8.0.4
8.0
7.1.8
7.1.6
7.1.5
7.1.4
7.1
7.0.5
7.0.4
7.0.3
7.0.2
See more versions on NVD
Product: Apple tv 
Version:
9.1.1
9.0.1
7.1
7.0.3
See more versions on NVD
Product: Icloud 
Version:
7.5
7.4
7.3
7.2
7.1
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.securitytracker.com/id/1041232
https://exchange.xforce.ibmcloud.com/vulnerabilities/146479
https://security.gentoo.org/glsa/201808-04
https://support.apple.com/HT208932
https://support.apple.com/HT208933
,
https://support.apple.com/HT208934
,
https://support.apple.com/HT208936
,
https://support.apple.com/HT208938
,
https://usn.ubuntu.com/3743-1/

Related CVE
CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") tha...
CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT...
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so...
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h...
CVE-2019-9515
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f...
CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p...
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the...
CVE-2019-9512
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this d...

Copyright 2019, cxsecurity.com

 

Back to Top