CVE-2018-4266 : A race condition was addressed with additional validation. This issue affected v

A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Published 2019-04-03 18:29:04

Updated 2019-04-04 16:13:56

Source Apple Inc.

View at NVD, CVE.org

Products affected by CVE-2018-4266

Apple » Safari
Versions before (<) 11.1.2
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Itunes
Versions before (<) 12.8
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Apple » Iphone Os
Versions before (<) 11.4.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos
Versions before (<) 4.3.2
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Matching versions
Apple » Icloud
Versions before (<) 7.6
cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Apple » Tvos
Versions before (<) 11.4.1
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-4266

EPSS FAQ

0.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-4266

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-4266

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-4266

https://support.apple.com/kb/HT208933

About the security content of iTunes 12.8 for Windows - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT208935

About the security content of watchOS 4.3.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT208938

About the security content of iOS 11.4.1 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT208934

About the security content of Safari 11.1.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT208932

About the security content of iCloud for Windows 7.6 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/kb/HT208936

About the security content of tvOS 11.4.1 - Apple Support
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-4266

Products affected by CVE-2018-4266

Exploit prediction scoring system (EPSS) score for CVE-2018-4266

CVSS scores for CVE-2018-4266

CWE ids for CVE-2018-4266

References for CVE-2018-4266