Details of VAR-201804-1168

ID

VAR-201804-1168

CVE

CVE-2018-4168

TITLE

Apple iOS of Vulnerability in file widget component that could retrieve important information

Trust: 0.8

sources: JVNDB: JVNDB-2018-003658

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, bypass security mechanisms, and conduct spoofing attacks and perform unauthorized actions. Failed exploits will result in denial-of-service condition. Versions prior to Apple iOS 11.3 are vulnerable. The vulnerability stems from the fact that cached data can still be displayed when the Files Widget is locked. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.98

sources: NVD: CVE-2018-4168 // JVNDB: JVNDB-2018-003658 // BID: 103578 // VULHUB: VHN-134199

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad air	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	11.3	Trust: 0.3

sources: BID: 103578 // JVNDB: JVNDB-2018-003658 // CNNVD: CNNVD-201804-143 // NVD: CVE-2018-4168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4168
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4168
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201804-143
value:	LOW
Trust: 0.6
VULHUB:	VHN-134199
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-4168
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134199
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4168
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134199 // JVNDB: JVNDB-2018-003658 // CNNVD: CNNVD-201804-143 // NVD: CVE-2018-4168

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-134199 // JVNDB: JVNDB-2018-003658 // NVD: CVE-2018-4168

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-143

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003658

PATCH

title:	HT208693	url:	https://support.apple.com/en-us/HT208693	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/ja-jp/HT208693	Trust: 0.8
title:	Apple iOS Files Widget Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82995	Trust: 0.6

sources: JVNDB: JVNDB-2018-003658 // CNNVD: CNNVD-201804-143

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4168	Trust: 2.8
db:	BID	id:	103578	Trust: 1.4
db:	SECTRACK	id:	1040604	Trust: 1.1
db:	JVN	id:	JVNVU92378299	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-003658	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-143	Trust: 0.6
db:	VULHUB	id:	VHN-134199	Trust: 0.1

sources: VULHUB: VHN-134199 // BID: 103578 // JVNDB: JVNDB-2018-003658 // CNNVD: CNNVD-201804-143 // NVD: CVE-2018-4168

REFERENCES

url:	https://support.apple.com/ht208693	Trust: 1.7
url:	http://www.securityfocus.com/bid/103578	Trust: 1.1
url:	http://www.securitytracker.com/id/1040604	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4168	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92378299/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4168	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://support.apple.com/en-ie/ht208693	Trust: 0.3

sources: VULHUB: VHN-134199 // BID: 103578 // JVNDB: JVNDB-2018-003658 // CNNVD: CNNVD-201804-143 // NVD: CVE-2018-4168

CREDITS

Ben Compton and Jason Colley of Cerner Corporation, Zaheen Hafzar M M (@zaheenhafzer), xisigr of Tencent's Xuanwu Lab (tencent.com), Zhiyang Zeng (@Wester) of Tencent Security Platform Department, @mjonsson, Arjan van der Oest of Voiceworks BV, Nico Golde

Trust: 0.3

sources: BID: 103578

SOURCES

db:	VULHUB	id:	VHN-134199
db:	BID	id:	103578
db:	JVNDB	id:	JVNDB-2018-003658
db:	CNNVD	id:	CNNVD-201804-143
db:	NVD	id:	CVE-2018-4168

LAST UPDATE DATE

2024-11-23T20:23:44.077000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134199	date:	2018-05-04T00:00:00
db:	BID	id:	103578	date:	2018-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-003658	date:	2018-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201804-143	date:	2018-04-09T00:00:00
db:	NVD	id:	CVE-2018-4168	date:	2024-11-21T04:06:53.880

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134199	date:	2018-04-03T00:00:00
db:	BID	id:	103578	date:	2018-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-003658	date:	2018-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201804-143	date:	2018-04-03T00:00:00
db:	NVD	id:	CVE-2018-4168	date:	2018-04-03T06:29:07.860