CVE-2018-4391 — Apple Macos vulnerability

6 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 53.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Iphone OS Apple MAC OS X +3 more

Timeline

PublishedOct 27

Latest updateMay 24

Description

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶Appleapple/macos_high_sierra_10.13.1_security_update_2017-001_sierra_and_security_update_20

▶CVEListV5apple/macosunspecified — 10.13+2

▶NVDapple/watchos< 4.3

▶NVDapple/mac_os_x10.13 — 10.13.1

▶Appleapple/watchos4.3

🔴Vulnerability Details

GHSA

GHSA-5g5f-7wfm-59q5: An inconsistent user interface issue was addressed with improved state management↗2022-05-24

▶

📋Vendor Advisories

Apple

CVE-2018-4391: iOS 12.1↗2018-10-30

▶

Apple

CVE-2018-4391: iOS 11.3↗2018-03-29

▶

Apple

CVE-2018-4391: watchOS 4.3↗2018-03-29

▶

Apple

CVE-2018-4391: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan↗2017-10-31

▶