CVE-2018-4390
published 2020-10-27CVE-2018-4390: An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001…
PriorityP420medium5.5CVSS 3.1
AVLACLPRNUIRSUCNIHAN
EPSS
0.23%
46.2th percentile
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | ios | — | — |
| apple | iphone_os | < 12.1 | 12.1 |
| apple | mac_os_x | >= 10.13 < 10.13.1 | 10.13.1 |
| apple | macos | >= unspecified < 10.13 | 10.13 |
| apple | macos | >= unspecified < 4.3 | 4.3 |
| apple | macos | >= unspecified < 12.1 | 12.1 |
| apple | macos_high_sierra_10.13.1_security_update_2017-001_sierra_and_security_update_20 | — | — |
| apple | watchos | < 4.3 | 4.3 |
| apple | watchos | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Apple
CVE-2018-4390: iOS 12.1
vendor_apple·2018-10-30·CVSS 5.5
CVE-2018-4390 [MEDIUM] CVE-2018-4390: iOS 12.1
Apple Security Update: About the security content of iOS 12.1
Product: iOS
Version: 12.1
CVE: CVE-2018-4390
Component: Messages
Impact: Processing a maliciously crafted text message may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
Apple
CVE-2018-4390: iOS 11.3
vendor_apple·2018-03-29·CVSS 5.5
CVE-2018-4390 [MEDIUM] CVE-2018-4390: iOS 11.3
Apple Security Update: About the security content of iOS 11.3
Product: iOS
Version: 11.3
CVE: CVE-2018-4390
Component: LinkPresentation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
Apple
CVE-2018-4390: watchOS 4.3
vendor_apple·2018-03-29·CVSS 5.5
CVE-2018-4390 [MEDIUM] CVE-2018-4390: watchOS 4.3
Apple Security Update: About the security content of watchOS 4.3
Product: watchOS
Version: 4.3
CVE: CVE-2018-4390
Component: LinkPresentation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
Apple
CVE-2018-4390: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
vendor_apple·2017-10-31·CVSS 5.5
CVE-2018-4390 [MEDIUM] CVE-2018-4390: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
Product: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
CVE: CVE-2018-4390
Component: LinkPresentation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
GHSA
GHSA-vcv3-mq2x-f2pv: An inconsistent user interface issue was addressed with improved state management
ghsa_unreviewed·2022-05-24
CVE-2018-4390 [MEDIUM] GHSA-vcv3-mq2x-f2pv: An inconsistent user interface issue was addressed with improved state management
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-10-27
Published