CVE-2018-4185 — Sensitive Information Exposure in Apple Tvos

CWE-200 — Sensitive Information Exposure6 documents3 sources

Severity

7.5HIGHNVD

EPSS

3.7%

top 11.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +3 more

Timeline

PublishedJan 11

Latest updateMay 14

Description

In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

▶Appleapple/macos_high_sierra_10.13.4_security_update_2018-002_sierra_and_security_update_20

▶NVDapple/tvos< 11.3

▶NVDapple/watchos< 4.3

▶NVDapple/mac_os_x< 10.13.4

▶Appleapple/tvos11.3

🔴Vulnerability Details

GHSA

GHSA-63w4-m2q2-xw9v: In iOS before 11↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2018-4185: watchOS 4.3↗2018-03-29

▶

Apple

CVE-2018-4185: tvOS 11.3↗2018-03-29

▶

Apple

CVE-2018-4185: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan↗2018-03-29

▶

Apple

CVE-2018-4185: iOS 11.3↗2018-03-29

▶