CVE-2018-4391 - OpenCVE

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT208221
https://support.apple.com/en-us/HT208696
https://support.apple.com/en-us/HT209192

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2020-10-27T19:19:36

Updated: 2024-08-05T05:11:22.812Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4391

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-27T20:15:13.563

Modified: 2020-10-30T02:08:01.107

Link: CVE-2018-4391

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "10.13", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "4.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "12.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing."}], "problemTypes": [{"descriptions": [{"description": "Processing a maliciously crafted text message may lead to UI spoofing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T19:19:36", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT209192"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT208221"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT208696"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2018-4391", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "10.13"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "4.3"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.1"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing a maliciously crafted text message may lead to UI spoofing"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT209192", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT209192"}, {"name": "https://support.apple.com/en-us/HT208221", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT208221"}, {"name": "https://support.apple.com/en-us/HT208696", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT208696"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:11:22.812Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT209192"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT208221"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT208696"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2018-4391", "datePublished": "2020-10-27T19:19:36", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T05:11:22.812Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FDA8399-DFA9-41CA-BB94-A5419A9518EE", "versionEndExcluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "718E268D-8993-4389-A551-978434299DE5", "versionEndExcluding": "10.13.1", "versionStartIncluding": "10.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "360435F9-FC38-422B-8888-3656AF59A3BF", "versionEndExcluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing."}, {"lang": "es", "value": "Se abord\u00f3 un problema de interfaz de usuario inconsistente con una administraci\u00f3n de estado mejorada. Este problema se corrigi\u00f3 en macOS High Sierra versi\u00f3n 10.13.1, Security Update 2017-001 Sierra y Security Update 2017-004 El Capitan, watchOS versi\u00f3n 4.3, iOS versi\u00f3n 12.1. Un procesamiento de un mensaje de texto dise\u00f1ado maliciosamente puede conllevar a una suplantaci\u00f3n de la interfaz de usuario"}], "id": "CVE-2018-4391", "lastModified": "2020-10-30T02:08:01.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T20:15:13.563", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT208221"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT208696"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT209192"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}