1. Home
  2. CVE Database
  3. CVE-2018-4278
MEDIUM · 4.3

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. Thi...

Vulnerability Description

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AppleSafari< 11.1.2
AppleIphone Os< 11.4.1
AppleTvos< 11.4.1
AppleIcloud< 7.6
AppleItunes< 12.8
MicrosoftWindowsAll versions
CanonicalUbuntu Linux16.04

References

FAQ

What is CVE-2018-4278?

CVE-2018-4278 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. Thi...

How severe is CVE-2018-4278?

CVE-2018-4278 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-4278?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Iphone Os, Apple Tvos, Apple Icloud, Apple Itunes.