CVE-2018-4277

HIGH

Safari < 11.1.1 - URL Spoofing via Improper Input Validation

Title source: llm

Description

In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

References (6)

Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208854
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208935
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208937
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041232
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208936
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208938

Scores

CVSS v3 7.5
EPSS 0.0187
EPSS Percentile 76.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (5)
apple/iphone_os < 11.4.1
apple/mac_os_x < 10.13.6
apple/safari < 11.1.1
apple/tvos < 11.4.1
apple/watchos < 4.3.2
Published Jan 11, 2019
Tracked Since Feb 18, 2026