CVE-2018-4278
Last modified
CVE-2018-4278 is a vulnerability of currently unknown severity. In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.
Description
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | < 11.1.2 |
| Apple | Iphone Os | < 11.4.1 |
| Apple | Tvos | < 11.4.1 |
| Apple | Icloud | < 7.6 |
| Apple | Itunes | < 12.8 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 18.04 |
References
- http://www.securitytracker.com/id/1041232Third Party Advisory, VDB Entry
- https://security.gentoo.org/glsa/201808-04Third Party Advisory
- https://support.apple.com/HT208932Vendor Advisory
- https://usn.ubuntu.com/3743-1/Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/146479Third Party Advisory
- http://www.securitytracker.com/id/1041232Third Party Advisory, VDB Entry
- https://security.gentoo.org/glsa/201808-04Third Party Advisory
- https://support.apple.com/HT208932Vendor Advisory
- https://usn.ubuntu.com/3743-1/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-4278?
How severe is CVE-2018-4278?
How do I fix CVE-2018-4278?
Are you affected by CVE-2018-4278?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST