Lucene search

AppleCVE-2018-4223

HistoryJun 08, 2018 - 6:29 p.m.

CVE-2018-4223

2018-06-0818:29:01

CWE-200

apple

web.nvd.nist.gov

cve-2018-4223

apple

security bypass

ios

macos

tvos

watchos

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the “Security” component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.

Affected configurations

Nvd

Node

appleapple_tvRange<11.4

appleiphone_osRange<11.4

applemac_os_xRange<10.13.5

applewatchosRange<4.3.1

References

www.securitytracker.com/id/1041027

support.apple.com/HT208848

support.apple.com/HT208849

support.apple.com/HT208850

support.apple.com/HT208851

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2018-4223