cnvd - cnvd-2018-14968

cnvd-2018-14968

Vulnerability from cnvd

Title: Apple iOS信息泄露漏洞（CNVD-2018-14968）

Description:

iOS是由苹果公司开发的移动操作系统。

Apple iOS存在信息泄露漏洞，该漏洞是由于WebKit组件中的跨源访问错误所致，攻击者可利用该漏洞获取音频数据。

Severity: 中

Patch Name: Apple iOS信息泄露漏洞（CNVD-2018-14968）的补丁

Patch Description:

iOS是由苹果公司开发的移动操作系统。

Apple iOS存在信息泄露漏洞，该漏洞是由于WebKit组件中的跨源访问错误所致，攻击者可利用该漏洞获取音频数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/zh-cn/HT201222

Reference: https://securitytracker.com/id/1041232

Impacted products

Name
Apple IOS <11.4.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4278"
    }
  },
  "description": "iOS\u662f\u7531\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u79fb\u52a8\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eWebKit\u7ec4\u4ef6\u4e2d\u7684\u8de8\u6e90\u8bbf\u95ee\u9519\u8bef\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u97f3\u9891\u6570\u636e\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT201222",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14968",
  "openTime": "2018-08-10",
  "patchDescription": "iOS\u662f\u7531\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u79fb\u52a8\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eWebKit\u7ec4\u4ef6\u4e2d\u7684\u8de8\u6e90\u8bbf\u95ee\u9519\u8bef\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u97f3\u9891\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-14968\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apple IOS \u003c11.4.1"
  },
  "referenceLink": "https://securitytracker.com/id/1041232",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-11",
  "title": "Apple iOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-14968\uff09"
}

CVE-2018-4278 (GCVE-0-2018-4278)

Vulnerability from cvelistv5

Published

2019-01-11 18:00

Modified

2024-08-05 05:11

Severity ?

CWE

Summary

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

References

▼	URL	Tags
	https://support.apple.com/HT208934%2C	x_refsource_MISC
	https://support.apple.com/HT208932	x_refsource_CONFIRM
	https://usn.ubuntu.com/3743-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/201808-04	vendor-advisory, x_refsource_GENTOO
	https://support.apple.com/HT208933%2C	x_refsource_MISC
	https://support.apple.com/HT208938%2C	x_refsource_MISC
	https://support.apple.com/HT208936%2C	x_refsource_MISC
	http://www.securitytracker.com/id/1041232	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:11:22.385Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208934%2C"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208932"
          },
          {
            "name": "USN-3743-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3743-1/"
          },
          {
            "name": "GLSA-201808-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201808-04"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208933%2C"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208938%2C"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208936%2C"
          },
          {
            "name": "1041232",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-12T10:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208934%2C"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208932"
        },
        {
          "name": "USN-3743-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3743-1/"
        },
        {
          "name": "GLSA-201808-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201808-04"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208933%2C"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208938%2C"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208936%2C"
        },
        {
          "name": "1041232",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208934,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208934,"
            },
            {
              "name": "https://support.apple.com/HT208932",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208932"
            },
            {
              "name": "USN-3743-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3743-1/"
            },
            {
              "name": "GLSA-201808-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201808-04"
            },
            {
              "name": "https://support.apple.com/HT208933,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208933,"
            },
            {
              "name": "https://support.apple.com/HT208938,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208938,"
            },
            {
              "name": "https://support.apple.com/HT208936,",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208936,"
            },
            {
              "name": "1041232",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4278",
    "datePublished": "2019-01-11T18:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:11:22.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted