CVE-2018-4319

HIGH

Apple Icloud < 7.7 - Origin Validation Error

Title source: rule

Description

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

References (5)

[Vendor Advisory] https://support.apple.com/kb/HT209106

[Vendor Advisory] https://support.apple.com/kb/HT209108

[Vendor Advisory] https://support.apple.com/kb/HT209109

[Vendor Advisory] https://support.apple.com/kb/HT209140

[Vendor Advisory] https://support.apple.com/kb/HT209141

Scores

CVSS v3 8.1

EPSS 0.0032

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Classification

CWE

CWE-346

Status published

Affected Products (4)

apple/icloud < 7.7

apple/itunes < 12.9

apple/safari < 12

apple/iphone_os < 12.0

Timeline

Published Apr 03, 2019

Tracked Since Feb 18, 2026