CVE-2018-4319
First published: Wed Sep 12 2018(Updated: )
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Credit: John Pettitt Google product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/webkit2gtk | <2.22.2-0ubuntu0.18.04.1 | 2.22.2-0ubuntu0.18.04.1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.2-1ubuntu1 | 2.22.2-1ubuntu1 |
| ubuntu/webkit2gtk | <2.22.0 | 2.22.0 |
| debian/webkit2gtk | 2.44.2-1~deb11u1 2.44.2-1~deb12u1 2.44.2-1 | |
| Apple Mobile Safari | <12 | 12 |
| Apple iOS, iPadOS, and watchOS | <12 | 12 |
| Apple iOS, iPadOS, and watchOS | <5 | 5 |
| Apple iCloud | <7.7 | 7.7 |
| Apple iTunes | <12.9 | 12.9 |
| Apple iCloud for Windows | <7.7 | |
| Apple iTunes for Windows | <12.9 | |
| Apple Mobile Safari | <12 | |
| iStyle @cosme iPhone OS | <12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT209140 (Advisory)
- https://support.apple.com/en-us/HT209141 (Advisory)
- https://support.apple.com/en-us/HT209109 (Advisory)
- https://support.apple.com/kb/HT209106
- https://support.apple.com/kb/HT209108
- https://support.apple.com/kb/HT209109
- https://support.apple.com/kb/HT209140
- https://support.apple.com/kb/HT209141
- https://launchpad.net/bugs/cve/CVE-2018-4319
- https://support.apple.com/en-us/HT209108 (Advisory)
- https://support.apple.com/en-us/HT209106 (Advisory)
- https://webkitgtk.org/security/WSA-2018-0007.html
- https://security-tracker.debian.org/tracker/CVE-2018-4319
- https://www.openwall.com/lists/oss-security/2018/09/29/1
- https://ubuntu.com/security/notices/USN-3781-1
- https://www.cve.org/CVERecord?id=CVE-2018-4319
- https://nvd.nist.gov/vuln/detail/CVE-2018-4319
- https://ubuntu.com/security/CVE-2018-4319
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4307
- CVE-2018-4329
- CVE-2018-4195
- CVE-2018-4319
- CVE-2018-4191
- CVE-2018-4309
- CVE-2018-4299
- CVE-2018-4323
- CVE-2018-4328
- CVE-2018-4358
- CVE-2018-4359
- CVE-2018-4360
- CVE-2018-4311
- CVE-2018-4345
- CVE-2018-4361
- CVE-2018-4474
- CVE-2018-4312
- CVE-2018-4315
- CVE-2018-4197
- CVE-2018-4314
- CVE-2018-4318
- CVE-2018-4306
- CVE-2018-4317
- CVE-2018-4316
- CVE-2018-4322
- CVE-2018-4321
- CVE-2018-5383
- CVE-2018-4126
- CVE-2018-4412
- CVE-2018-4414
- CVE-2018-4356
- CVE-2018-4347
- CVE-2018-4333
- CVE-2018-4433
- CVE-2018-4426
- CVE-2018-4331
- CVE-2018-4332
- CVE-2018-4343
- CVE-2018-4355
- CVE-2018-4408
- CVE-2018-4341
- CVE-2018-4354
- CVE-2018-4383
- CVE-2018-4335
- CVE-2018-4401
- CVE-2018-4305
- CVE-2018-4363
- CVE-2018-4336
- CVE-2018-4337
- CVE-2018-4340
- CVE-2018-4344
- CVE-2018-4425
- CVE-2018-4399
- CVE-2018-4407
- CVE-2018-4326
- CVE-2018-4310
- CVE-2018-4313
- CVE-2018-4352
- CVE-2018-4362
- CVE-2018-4395
- CVE-2016-1777
- CVE-2018-4325
- CVE-2018-4203
- CVE-2018-4304
Frequently Asked Questions
What is CVE-2018-4319?
CVE-2018-4319 is a cross-origin issue with "iframe" elements in WebKit.
Which software versions are affected by CVE-2018-4319?
Versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7 are affected by CVE-2018-4319.
What is the severity of CVE-2018-4319?
CVE-2018-4319 has a severity score of 8.1 (high).
How can I mitigate the vulnerability CVE-2018-4319?
To mitigate CVE-2018-4319, update to the latest version of iOS, watchOS, Safari, iTunes for Windows, or iCloud for Windows.
Where can I find more information about CVE-2018-4319?
You can find more information about CVE-2018-4319 at the following references: [link1](https://support.apple.com/kb/HT209106), [link2](https://support.apple.com/kb/HT209108), [link3](https://support.apple.com/kb/HT209109).
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- agent/description
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/apple
- canonical/apple mobile safari
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud
- canonical/apple itunes
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- canonical/istyle @cosme iphone os