Vulnerability Details : CVE-2018-9840
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.
Products affected by CVE-2018-9840
- cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-9840
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-9840
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
6.8
|
MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST |
References for CVE-2018-9840
-
https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9
Merge remote-tracking branch 'origin/charlesmchen/screenLockRework_' … · signalapp/Signal-iOS@018a35d · GitHubPatch;Third Party Advisory
-
http://nint.en.do/Signal-Bypass-Screen-locker.php
Broken Link;Third Party Advisory
-
https://github.com/signalapp/Signal-iOS/commits/release/2.23.2
Commits · signalapp/Signal-iOS · GitHubIssue Tracking;Patch;Third Party Advisory
Jump to