CVE-2018-4107: Input Validation
PDFKit. An issue existed in the parsing of URLs in PDFs. This issue was addressed through improved input validation.
Other sources
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-4170
- CVE-2018-4105
- CVE-2018-4112
- CVE-2018-4166
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2017-13890
- CVE-2017-8816
- CVE-2018-4176
- CVE-2018-4108
- CVE-2017-13080
- CVE-2018-4167
- CVE-2018-4151
- CVE-2018-4132
- CVE-2018-4135
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4136
- CVE-2018-4160
- CVE-2018-4185
- CVE-2018-4139
- CVE-2018-4175
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4179
- CVE-2018-4111
- CVE-2018-4174
- CVE-2018-4152
- CVE-2017-7151
- CVE-2018-4138
- CVE-2018-4107
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4298
- CVE-2018-4144
- CVE-2017-13911
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4106
- CVE-2018-4131
Frequently Asked Questions
What is CVE-2018-4107?
CVE-2018-4107 is a vulnerability in certain Apple products, specifically macOS before 10.13.4, which involves the "PDFKit" component and allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document.
How does CVE-2018-4107 affect Apple products?
CVE-2018-4107 affects certain Apple products, including macOS High Sierra before 10.13.4, Sierra, and El Capitan.
What is the severity of CVE-2018-4107?
CVE-2018-4107 has a severity rating of medium, with a CVSS score of 6.5.
What is the Common Weakness Enumeration (CWE) ID for CVE-2018-4107?
The CWE ID for CVE-2018-4107 is CWE-20.
How can I fix CVE-2018-4107?
To fix CVE-2018-4107, update your macOS to version 10.13.4 or later.