WebKit Vulnerability in Apple's iOS, Safari, iCloud, iTunes, and tvOS Products
CVE-2018-4188

6.5MEDIUM

Key Information:

Vendor
Apple
Status
iPhone OS
Safari
Apple Tv
Vendor
CVE Published:
8 June 2018

Summary

A vulnerability exists within the WebKit component of several Apple products that may allow remote attackers to manipulate the address bar, potentially leading to user deception. This issue affects specific versions of iOS, Safari, iCloud on Windows, iTunes on Windows, and tvOS, thus enabling attackers to spoof URLs using specially crafted websites. Users are encouraged to upgrade to the latest versions to mitigate potential threats.

References

https://support.apple.com/HT208850
x_refsource_CONFIRM
https://support.apple.com/HT208853
x_refsource_CONFIRM
https://support.apple.com/HT208854
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.