First published: Tue May 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.
Credit: Jun Kokatsu @shhnjk product-security@apple.com product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iTunes for Windows | <12.7.5 | 12.7.5 |
Apple Safari | <11.1.1 | |
Apple iPhone OS | <11.4 | |
Apple tvOS | <11.4 | |
All of | ||
Apple iCloud | <7.5 | |
Microsoft Windows | ||
All of | ||
Apple iTunes | <12.7.5 | |
Microsoft Windows | ||
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Canonical Ubuntu Linux | =18.04 | |
Apple iCloud | <7.5 | |
Microsoft Windows | ||
Apple iTunes | <12.7.5 | |
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.17.10.1 | 2.20.3-0ubuntu0.17.10.1 |
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.18.04.1 | 2.20.3-0ubuntu0.18.04.1 |
ubuntu/webkit2gtk | <2.20.3 | 2.20.3 |
ubuntu/webkit2gtk | <2.20.3-0ubuntu0.16.04.1 | 2.20.3-0ubuntu0.16.04.1 |
debian/webkit2gtk | 2.44.2-1~deb11u1 2.44.3-1~deb11u1 2.44.2-1~deb12u1 2.44.3-1~deb12u1 2.44.3-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-4190 is a vulnerability in certain Apple products, including iOS, Safari, iCloud, iTunes, and tvOS, that allows remote attackers to obtain sensitive information.
iOS versions before 11.4, Safari versions before 11.1.1, iCloud versions before 7.5 on Windows, iTunes versions before 12.7.5 on Windows, and tvOS versions before 11.4 are affected by CVE-2018-4190.
CVE-2018-4190 has a severity score of 8.8, which is considered high.
To fix CVE-2018-4190, update your affected software to the recommended version: iOS 11.4 or later, Safari 11.1.1 or later, iCloud 7.5 or later on Windows, iTunes 12.7.5 or later on Windows, and tvOS 11.4 or later.
You can find more information about CVE-2018-4190 at the following references: [link1], [link2], [link3].