PT-2018-16519 · Apple+3 · Tvos+7

Shhnjk

Published

2018-08-06

Updated

2020-08-24

CVE-2018-4278

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Safari versions prior to 11.1.2 iTunes versions prior to 12.8 for Windows iOS versions prior to 11.4.1 tvOS versions prior to 11.4.1 iCloud for Windows versions prior to 7.6

Description The issue allows sound fetched through audio elements to be exfiltrated cross-origin. This was addressed with improved audio taint tracking.

Recommendations For Safari versions prior to 11.1.2, update to version 11.1.2 or later. For iTunes versions prior to 12.8 for Windows, update to version 12.8 or later. For iOS versions prior to 11.4.1, update to version 11.4.1 or later. For tvOS versions prior to 11.4.1, update to version 11.4.1 or later. For iCloud for Windows versions prior to 7.6, update to version 7.6 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2018-2099

CVE-2018-4278

MGASA-2018-0382

OPENSUSE-SU-2018_2781-1

OPENSUSE-SU-2019_0068-1

SUSE-SU-2018:2752-1

SUSE-SU-2019:0059-1

USN-3743-1

Affected Products

Alt Linux

Safari

Suse

Ubuntu

Icloud For Windows

Ios

Itunes

Tvos

PT-2018-16519 · Apple+3 · Tvos+7

CVE-2018-4278

Related Identifiers

Affected Products

References · 93