CVE-2018-4266

Published: Apr 3, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Affected (6)

Products: Apple: Iphone Os, Safari, Tvos, Watchos, Icloud, Itunes

6 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 11.4.1
Apple Safari	Before 11.1.2
Apple Tvos	Before 11.4.1
Apple Watchos	Before 4.3.2

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Icloud	Before 7.6
Apple Itunes	Before 12.8

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (12)

https://support.apple.com/kb/HT208932

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/kb/HT208933

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/kb/HT208934

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/kb/HT208935

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/kb/HT208936

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/kb/HT208938

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/kb/HT208932