CVE-2018-4173
published 2018-04-13CVE-2018-4173: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar"…
PriorityP421medium5.5CVSS 3.0
AVLACLPRNUIRSUCNIHAN
EPSS
0.14%
33.4th percentile
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 11.3 | 11.3 |
| apple | mac_os_x | < 10.13.4 | 10.13.4 |
| apple | macos_high_sierra_10.13.4_security_update_2018-002_sierra_and_security_update_20 | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
GHSA
GHSA-2v52-33cv-3wm5: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-13
CVE-2018-4173 [MEDIUM] CWE-269 GHSA-2v52-33cv-3wm5: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
Apple
CVE-2018-4173: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
vendor_apple·2018-03-29·CVSS 5.5
CVE-2018-4173 [MEDIUM] CVE-2018-4173: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
Product: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
CVE: CVE-2018-4173
Component: Status Bar
Impact: A malicious application may be able to access the microphone without indication to the user
Description: A consistency issue existed in deciding when to show the microphone use indicator. The issue was resolved with improved capability validation.
Apple
CVE-2018-4173: iOS 11.3
vendor_apple·2018-03-29·CVSS 5.5
CVE-2018-4173 [MEDIUM] CVE-2018-4173: iOS 11.3
Apple Security Update: About the security content of iOS 11.3
Product: iOS
Version: 11.3
CVE: CVE-2018-4173
Component: Status Bar
Impact: A malicious application may be able to access the microphone without indication to the user
Description: A consistency issue existed in deciding when to show the microphone use indicator. The issue was resolved with improved capability validation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-04-13
Published