CVE-2018-4278
MEDIUM
Safari < 11.1.2 - Cross-Origin Audio Data Exfiltration via Audio Element
Title source: llm
Description
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
References (9)
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/146479
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208934
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208932
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3743-1/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201808-04
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208933
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208938
Vendor Advisory x_refsource_misc
https://support.apple.com/HT208936
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041232
Scores
CVSS v3
4.3
EPSS
0.0059
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
Status
published
Products (7)
apple/icloud
< 7.6
apple/iphone_os
< 11.4.1
apple/itunes
< 12.8
apple/safari
< 11.1.2
apple/tvos
< 11.4.1
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
Published
Jan 11, 2019
Tracked Since
Feb 18, 2026