CVE-2018-4279: Input Validation

Q: What is CVE-2018-4279?

CVE-2018-4279 is a vulnerability in Safari that allows an attacker to manipulate the user interface and potentially perform unauthorized actions.

Q: Which versions of Safari are affected by CVE-2018-4279?

Versions of Safari prior to 11.1.2 are affected by CVE-2018-4279.

Q: How can CVE-2018-4279 be exploited?

CVE-2018-4279 can be exploited by an attacker who tricks a user into visiting a malicious website and performing specific actions, which can lead to unauthorized actions being performed on behalf of the user.

Q: What is the severity of CVE-2018-4279?

CVE-2018-4279 has a severity score of 5.3, which is considered medium.

Q: How can I fix CVE-2018-4279?

To fix CVE-2018-4279, update Safari to version 11.1.2 or later, which includes improvements to state management to address the vulnerability.

Published Jul 9, 2018

Updated

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2.

Other sources

Safari. An inconsistent user interface issue was addressed with improved state management.

Credit

Ruilin Yang, Xu Taoyu (xia0yu.win), Jun Kokatsu@@shhnjk

Affected Software

2 affected componentsFixes available

Safari<11.1.2

11.1.2

Safari<11.1.2

Event History

Apr 3, 2019

CVE Published

via MITRE·05:43 PM

Data Sourced

via MITRE·05:43 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT208934

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4279?

CVE-2018-4279 is a vulnerability in Safari that allows an attacker to manipulate the user interface and potentially perform unauthorized actions.

Which versions of Safari are affected by CVE-2018-4279?