CVE-2018-4117

moderate-risk
Published 2018-04-03

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Do I need to act?

-
0.95% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (12)

Affected Vendors

Debian Redhat Apple Canonical Webkitgtk

References (24)

Third Party Advisory http://www.securityfocus.com/bid/104887
Third Party Advisory http://www.securitytracker.com/id/1040604
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2282
Third Party Advisory https://security.gentoo.org/glsa/201808-01
Third Party Advisory https://security.gentoo.org/glsa/201808-04
Vendor Advisory https://support.apple.com/HT208693
Vendor Advisory https://support.apple.com/HT208694
Vendor Advisory https://support.apple.com/HT208695
Vendor Advisory https://support.apple.com/HT208696
Vendor Advisory https://support.apple.com/HT208697
Third Party Advisory https://usn.ubuntu.com/3635-1/
Third Party Advisory https://www.debian.org/security/2018/dsa-4256
Third Party Advisory http://www.securityfocus.com/bid/104887
Third Party Advisory http://www.securitytracker.com/id/1040604
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2282
Third Party Advisory https://security.gentoo.org/glsa/201808-01
Third Party Advisory https://security.gentoo.org/glsa/201808-04
Vendor Advisory https://support.apple.com/HT208693
Vendor Advisory https://support.apple.com/HT208694
Vendor Advisory https://support.apple.com/HT208695
and 4 more references
44
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 3/34 · Minimal
Exposure 17/34 · Moderate