CVE-2018-4117

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Published: Apr 3, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-4117
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	11.3
apple / safari	-	11.1
apple / watchos	-	4.3
apple / icloud	-	7.4
apple / itunes	-	12.7.4
webkitgtk / webkitgtk+	-	2.20.4
canonical / ubuntu_linux	16.04	16.04.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
debian / debian_linux	9.0	9.0.x
canonical / ubuntu_linux	17.10	17.10.x

Vulnerability Database

289,697

CVE-2018-4117