CVE-2018-4277: Input Validation
First published: Mon Jul 09 2018(Updated: )
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Credit: xisigr Tencent product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <11.4.1 | 11.4.1 |
| macOS High Sierra | <10.13.6 | 10.13.6 |
| macOS High Sierra | ||
| Apple El Capitan | ||
| Apple iOS, iPadOS, and watchOS | <4.3.2 | 4.3.2 |
| Apple iOS and iPadOS | <11.4.1 | 11.4.1 |
| Safari | <11.1.1 | |
| iPhone OS | <11.4.1 | |
| Apple iOS and macOS | <10.13.6 | |
| tvOS | <11.4.1 | |
| Apple iOS, iPadOS, and watchOS | <4.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208935 (Advisory)
- https://support.apple.com/en-us/HT208936 (Advisory)
- https://support.apple.com/en-us/HT208937 (Advisory)
- https://support.apple.com/en-us/HT208938 (Advisory)
- http://www.securitytracker.com/id/1041232
- https://support.apple.com/HT208854
- https://support.apple.com/HT208935
- https://support.apple.com/HT208936
- https://support.apple.com/HT208937
- https://support.apple.com/HT208938
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4293
- CVE-2018-4269
- CVE-2018-4282
- CVE-2018-4280
- CVE-2018-4248
- CVE-2018-4277
- CVE-2018-4270
- CVE-2018-4278
- CVE-2018-4284
- CVE-2018-4266
- CVE-2018-4261
- CVE-2018-4262
- CVE-2018-4263
- CVE-2018-4264
- CVE-2018-4265
- CVE-2018-4267
- CVE-2018-4272
- CVE-2018-4271
- CVE-2018-4273
- CVE-2018-4470
- CVE-2018-4289
- CVE-2018-4268
- CVE-2018-4285
- CVE-2018-5383
- CVE-2018-4276
- CVE-2018-4178
- CVE-2018-4456
- CVE-2018-4283
- CVE-2018-3665
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-6797
- CVE-2018-6913
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4274
- CVE-2018-4290
- CVE-2018-4327
- CVE-2018-4216
- CVE-2018-4260
- CVE-2018-4275
Frequently Asked Questions
What is CVE-2018-4277?
CVE-2018-4277 is a vulnerability in Apple software where a spoofing issue existed in the handling of URLs.
How severe is CVE-2018-4277?
CVE-2018-4277 has a severity value of 7.5 (High).
Which software versions are affected by CVE-2018-4277?
iOS versions up to 11.4.1, watchOS versions up to 4.3.2, tvOS versions up to 11.4.1, Safari versions up to 11.1.1, macOS High Sierra versions up to 10.13.6 are affected by CVE-2018-4277.
How can I fix CVE-2018-4277?
To fix CVE-2018-4277, update to iOS 11.4.1 or later, watchOS 4.3.2 or later, tvOS 11.4.1 or later, Safari 11.1.1 or later, or macOS High Sierra 10.13.6 or later.
Where can I find more information about CVE-2018-4277?
You can find more information about CVE-2018-4277 on the Apple support page: [link](https://support.apple.com/en-us/HT208936).
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/tvos
- canonical/macos high sierra
- canonical/apple el capitan
- canonical/apple ios, ipados, and watchos
- canonical/apple ios and ipados
- canonical/safari
- canonical/iphone os
- canonical/apple ios and macos