CVE-2018-4277: Input Validation
First published: Mon Jul 09 2018(Updated: )
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Credit: xisigr Tencentxisigr Tencentxisigr Tencentxisigr Tencent product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <11.1.1 | |
| Apple iPhone OS | <11.4.1 | |
| Apple Mac OS X | <10.13.6 | |
| Apple tvOS | <11.4.1 | |
| Apple watchOS | <4.3.2 | |
| Apple watchOS | <4.3.2 | 4.3.2 |
| Apple iOS | <11.4.1 | 11.4.1 |
| Apple tvOS | <11.4.1 | 11.4.1 |
| Apple macOS High Sierra | <10.13.6 | 10.13.6 |
| Apple Sierra | ||
| Apple El Capitan |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208935 (Advisory)
- https://support.apple.com/en-us/HT208936 (Advisory)
- https://support.apple.com/en-us/HT208937 (Advisory)
- https://support.apple.com/en-us/HT208938 (Advisory)
- http://www.securitytracker.com/id/1041232
- https://support.apple.com/HT208854
- https://support.apple.com/HT208935
- https://support.apple.com/HT208936
- https://support.apple.com/HT208937
- https://support.apple.com/HT208938
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4293
- CVE-2018-4269
- CVE-2018-4290
- CVE-2018-4282
- CVE-2018-4280
- CVE-2018-4248
- CVE-2018-4277
- CVE-2018-4270
- CVE-2018-4284
- CVE-2018-4266
- CVE-2018-4262
- CVE-2018-4264
- CVE-2018-4272
- CVE-2018-4271
- CVE-2018-4273
- CVE-2018-4470
- CVE-2018-4289
- CVE-2018-4268
- CVE-2018-4285
- CVE-2018-5383
- CVE-2018-4276
- CVE-2018-4178
- CVE-2018-4456
- CVE-2018-4283
- CVE-2018-3665
- CVE-2018-4259
- CVE-2018-4286
- CVE-2018-4287
- CVE-2018-4288
- CVE-2018-4291
- CVE-2018-6797
- CVE-2018-6913
- CVE-2017-0898
- CVE-2017-10784
- CVE-2017-14033
- CVE-2017-14064
- CVE-2017-17405
- CVE-2017-17742
- CVE-2018-6914
- CVE-2018-8777
- CVE-2018-8778
- CVE-2018-8779
- CVE-2018-8780
- CVE-2018-4274
- CVE-2018-4278
- CVE-2018-4261
- CVE-2018-4263
- CVE-2018-4265
- CVE-2018-4267
- CVE-2018-4327
- CVE-2018-4216
- CVE-2018-4260
- CVE-2018-4275
Frequently Asked Questions
What is CVE-2018-4277?
CVE-2018-4277 is a vulnerability in Apple software where a spoofing issue existed in the handling of URLs.
How severe is CVE-2018-4277?
CVE-2018-4277 has a severity value of 7.5 (High).
Which software versions are affected by CVE-2018-4277?
iOS versions up to 11.4.1, watchOS versions up to 4.3.2, tvOS versions up to 11.4.1, Safari versions up to 11.1.1, macOS High Sierra versions up to 10.13.6 are affected by CVE-2018-4277.
How can I fix CVE-2018-4277?
To fix CVE-2018-4277, update to iOS 11.4.1 or later, watchOS 4.3.2 or later, tvOS 11.4.1 or later, Safari 11.1.1 or later, or macOS High Sierra 10.13.6 or later.
Where can I find more information about CVE-2018-4277?
You can find more information about CVE-2018-4277 on the Apple support page: [link](https://support.apple.com/en-us/HT208936).
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/event
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple watchos
- canonical/apple macos high sierra
- canonical/apple sierra
- canonical/apple el capitan
- canonical/apple safari
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple tvos
- canonical/apple ios