CVE-2018-9840

Published: Apr 10, 2018Modified: Nov 21, 2024

6.8

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.

Affected (1)

Products: Signal: Signal

Signal

1 product

Signal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Signal Signal	Before 2.23.2

References (6)

http://nint.en.do/Signal-Bypass-Screen-locker.php

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/signalapp/Signal-iOS/commits/release/2.23.2

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://nint.en.do/Signal-Bypass-Screen-locker.php

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/signalapp/Signal-iOS/commits/release/2.23.2

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.