CVE-2018-4429: Input Validation

Q: What is CVE-2018-4429?

CVE-2018-4429 is a vulnerability that allows for spoofing URLs in iOS and watchOS devices.

Q: What is the severity of CVE-2018-4429?

CVE-2018-4429 has a severity rating of 6.5 (Medium).

Q: How does CVE-2018-4429 affect Apple iOS and watchOS?

CVE-2018-4429 affects versions prior to iOS 12.1.1 and watchOS 5.1.2.

Q: How can I fix CVE-2018-4429?

To fix CVE-2018-4429, update your iOS device to version 12.1.1 or later and update your watchOS device to version 5.1.2 or later.

Q: Where can I find more information about CVE-2018-4429?

You can find more information about CVE-2018-4429 on the Apple support website.

Published Dec 5, 2018

Updated

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.

Other sources

LinkPresentation. A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

Credit

Victor Le Pochat(imec), KU Leuven

Affected Software

4 affected componentsFixes available

Apple WatchOS<5.1.2

5.1.2

Apple iOS<12.1.1

12.1.1

Apple iPhone OS<12.1.1

Apple WatchOS<5.1.2

Event History

Apr 3, 2019

CVE Published

via MITRE·05:43 PM

Data Sourced

via MITRE·05:43 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4429?

CVE-2018-4429 is a vulnerability that allows for spoofing URLs in iOS and watchOS devices.

What is the severity of CVE-2018-4429?