Spoofing Issue in Apple's iOS, watchOS, tvOS, Safari, and macOS Products
CVE-2018-4277

7.5HIGH

Key Information:

Vendor
Apple
Status
Safari
iPhone OS
Watch OS
Mac Os X
Vendor
CVE Published:
11 January 2019

Summary

A spoofing issue in various Apple products prior to specific updates allowed attackers to manipulate the handling of URLs, potentially misleading users into interacting with malicious links. This vulnerability highlights the need for improved input validation to safeguard user data and enhance overall security across the affected platforms.

References

https://support.apple.com/HT208854
x_refsource_CONFIRM
https://support.apple.com/HT208935
x_refsource_CONFIRM
https://support.apple.com/HT208937
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.