CVE-2018-4173

Published: Apr 13, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.

Affected (2)

Products: Apple: Iphone Os, Mac Os X

Apple

2 products

Iphone Os

Mac Os X

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 11.3
Apple Mac Os X	Before 10.13.4

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://support.apple.com/HT208692

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT208693

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT208692

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT208693

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.