CVE-2018-4115

Опубликовано: 03 апр. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.

Ссылки

http://www.securitytracker.com/id/1040604
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040608
Third Party Advisory
VDB Entry
https://support.apple.com/HT208692
Vendor Advisory
https://support.apple.com/HT208693
Vendor Advisory
https://support.apple.com/HT208696
Vendor Advisory
https://support.apple.com/HT208698
Vendor Advisory
http://www.securitytracker.com/id/1040604
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040608
Third Party Advisory
VDB Entry
https://support.apple.com/HT208692
Vendor Advisory
https://support.apple.com/HT208693
Vendor Advisory
https://support.apple.com/HT208696
Vendor Advisory
https://support.apple.com/HT208698
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 11.3 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.13.4 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 11.3 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 4.3 (исключая)

EPSS

Процентиль: 78%

0.01162

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-281

Связанные уязвимости

GHSA-mh38-x4mv-9qfc