Vulnerability Details : CVE-2018-4187
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
Vulnerability category: Input validation
Products affected by CVE-2018-4187
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-4187
- EPSS score: 0.61% (probability of exploitation activity in the next 30 days)
- Percentile: ~79% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-4187
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2018-4187
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-4187
- https://support.apple.com/HT208742
  About the security content of Security Update 2018-001 - Apple Support (Vendor Advisory)
- https://support.apple.com/kb/HT209193
  About the security content of macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra - Apple Support (Vendor Advisory)
- http://www.securitytracker.com/id/1040744
  Apple macOS/OS X LinkPresentation, Crash Reporter, and Kernel Bugs Let Remote Users Spoof the User Interface and Local Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/103958
  RETIRED: Apple iOS APPLE-SA-2018-04-24-1 Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/103957
  Apple iOS and macOS Multiple Security Vulnerabilities (VDB Entry; Third Party Advisory)
- https://support.apple.com/HT208743
  About the security content of iOS 11.3.1 - Apple Support (Vendor Advisory)