CVE-2018-4322 - Input Validation vulnerability in Apple Iphone OS

Publication

2019-04-03

Last modification

2019-04-04

Summary

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.

Description

Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Versions prior to Apple iOS 12 are vulnerable.

Solution

Updates are available. Please see the references or vendor advisory for more information.

Exploit

Currently, we are not aware of any working exploits.

Classification

CWE-20 - Input Validation

Risk level (CVSS AV:L/AC:L/Au:N/C:P/I:N/A:N)

Low

2.1

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Apple Iphone OS  10.3.2 , 3.1.3 , 2.1 , 11.2.6 , 4.0.1 , 11.3.1 , 2.1.1 , 10.0.3 , 1.0.0 , 7.0.1 , 3.2.1 , 3.2 , 9.3.1 , 1.1.3 , 3.2.2 , 9.0 , 11.0.2 , 5.0 , 1.1.1 , 10.3.3 , 4.2.1 , 5.1.1 , 4.2.5 , 9.2 , 7.0 , 9.3 , 11.1.1 , 8.4.1 , 4.1 , 4.3.5 , 9.0.1 , 11.0.1 , 3.0 , 4.2.8 , 5.1 , 1.1.4 , 7.1 , 8.0.2 , 11.2.2 , 8.0 , 10.3.1 , 6.0 , 8.1 , 4.3.3 , 4.0 , 11.0 , 2.0 , 9.0.2 , 6.0.2 , 8.0.1 , 10.1 , 7.0.5 , 6.1.3 , 4.3.2 , 10.1.1 , 10.0 , 10.2.1 , 7.1.2 , 4.0.2 , 8.1.3 , 9.3.4 , 3.1 , 1.0.2 , 4.3.0 , 11.1.2 , 10.3 , 7.0.6 , 10.0.2 , 5.0.1 , 2.2.1 , 8.3 , 6.1.5 , 11.2.1 , 3.1.1 , 9.3.2 , 6.1.4 , 10.2 , 2.0.1 , 1.1.2 , 3.1.2 , 7.0.3 , 9.3.3 , 2.2 , 4.3.1 , 1.0.1 , 11 , 11.0.3 , 1.1.5 , 6.1.2 , 3.0.1 , 2.0.0 , 11.2 , 6.0.1 , 11.1 , 6.1 , 11.2.5 , 2.0.2 , 8.2 , 7.0.4 , 1.1.0 , 9.1 , 11.3 , 11.4.1 , 6.1.6 , 10.0.1 , 7.1.1 , 7.0.2 , 8.1.2 , 9.3.5 , 9.2.1 , 11.4