CVE-2018-4134: Input Validation

Q: What is CVE-2018-4134?

CVE-2018-4134 is a vulnerability in Safari that allows remote attackers to spoof the user interface via a crafted web site.

Q: What products are affected by CVE-2018-4134?

iOS before version 11.3 is affected by CVE-2018-4134.

Q: What is the severity of CVE-2018-4134?

CVE-2018-4134 has a severity of 8.8 (high).

Q: How can I fix CVE-2018-4134?

To fix CVE-2018-4134, update your iOS to version 11.3 or higher.

Q: Where can I find more information about CVE-2018-4134?

You can find more information about CVE-2018-4134 at the following references: [link1], [link2], [link3].

Published Mar 29, 2018

Updated

Safari. An inconsistent user interface issue was addressed with improved state management.

Other sources

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the user interface via a crafted web site.

Credit

xisigr(Tencent), Zhiyang Zeng@@Wester(Tencent Security Platform Department)

Affected Software

2 affected componentsFixes available

Apple iOS and iPadOS<11.3

11.3

iPhone OS<11.3

Event History

Apr 3, 2018

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208693

Frequently Asked Questions

What is CVE-2018-4134?

CVE-2018-4134 is a vulnerability in Safari that allows remote attackers to spoof the user interface via a crafted web site.

What products are affected by CVE-2018-4134?

iOS before version 11.3 is affected by CVE-2018-4134.

What is the severity of CVE-2018-4134?

CVE-2018-4134 has a severity of 8.8 (high).

How can I fix CVE-2018-4134?