CVE-2018-4266

medium

Description

A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

References

https://support.apple.com/kb/HT208932

https://support.apple.com/kb/HT208933

https://support.apple.com/kb/HT208934

https://support.apple.com/kb/HT208935

https://support.apple.com/kb/HT208936

https://support.apple.com/kb/HT208938

Details

Source: MITRE

Published: 2019-04-03

Updated: 2019-04-04

Type: CWE-362

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 700551 | Apple iOS < 11.4.1 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |
| 700504 | Apple Safari < 11.1.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 123306 | openSUSE Security Update : webkit2gtk3 (openSUSE-2019-705) | Nessus | SuSE Local Security Checks | critical |
| 121291 | openSUSE Security Update : webkit2gtk3 (openSUSE-2019-68) | Nessus | SuSE Local Security Checks | high |
| 121093 | SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0059-1) | Nessus | SuSE Local Security Checks | high |
| 120100 | SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2018:2752-1) | Nessus | SuSE Local Security Checks | critical |
| 117878 | Apple iTunes < 12.8 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
| 117656 | openSUSE Security Update : webkit2gtk3 (openSUSE-2018-1025) | Nessus | SuSE Local Security Checks | critical |
| 112078 | GLSA-201808-04 : WebkitGTK+: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 111843 | Ubuntu 16.04 LTS / 18.04 LTS : WebKitGTK+ vulnerabilities (USN-3743-1) | Nessus | Ubuntu Local Security Checks | critical |
| 111218 | Apple iOS < 11.4.1 Multiple Vulnerabilities | Nessus | Mobile Devices | high |
| 111110 | Apple TV < 11.4.1 Multiple Vulnerabilities | Nessus | Misc. | high |
| 111109 | macOS : Apple Safari < 11.1.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 111105 | Apple iTunes < 12.8 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |