Details of VAR-201804-1171

ID

VAR-201804-1171

CVE

CVE-2018-4173

TITLE

Apple iOS and macOS of Status Bar Component microphone access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004068

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app. Apple iOS and macOS of Status Bar The component contains a vulnerability that allows access to the microphone.The microphone may be accessed through a crafted application. Apple macOS and iOS are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers. An attacker could exploit this vulnerability to gain access to the microphone without the user's knowledge

Trust: 1.98

sources: NVD: CVE-2018-4173 // JVNDB: JVNDB-2018-004068 // BID: 104223 // VULHUB: VHN-134204

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.3	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.3 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.13.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad air	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	security update sierra	scope:	ne	version:	2018-0020	Trust: 0.3
vendor:	apple	model:	security update el capitan	scope:	ne	version:	2018-0020	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.13.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	11.3	Trust: 0.3

sources: BID: 104223 // JVNDB: JVNDB-2018-004068 // CNNVD: CNNVD-201804-684 // NVD: CVE-2018-4173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4173
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4173
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201804-684
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134204
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4173
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134204
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4173
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134204 // JVNDB: JVNDB-2018-004068 // CNNVD: CNNVD-201804-684 // NVD: CVE-2018-4173

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-134204 // JVNDB: JVNDB-2018-004068 // NVD: CVE-2018-4173

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-684

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-684

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004068

PATCH

title:	HT208692	url:	https://support.apple.com/en-us/HT208692	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/en-us/HT208693	Trust: 0.8
title:	HT208692	url:	https://support.apple.com/ja-jp/HT208692	Trust: 0.8
title:	HT208693	url:	https://support.apple.com/ja-jp/HT208693	Trust: 0.8
title:	Apple iOS and macOS High Sierra Status Bar Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80101	Trust: 0.6

sources: JVNDB: JVNDB-2018-004068 // CNNVD: CNNVD-201804-684

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4173	Trust: 2.8
db:	JVN	id:	JVNVU92378299	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004068	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-684	Trust: 0.6
db:	BID	id:	104223	Trust: 0.4
db:	VULHUB	id:	VHN-134204	Trust: 0.1

sources: VULHUB: VHN-134204 // BID: 104223 // JVNDB: JVNDB-2018-004068 // CNNVD: CNNVD-201804-684 // NVD: CVE-2018-4173

REFERENCES

url:	https://support.apple.com/ht208692	Trust: 1.7
url:	https://support.apple.com/ht208693	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4173	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92378299/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4173	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	https://support.apple.com/en-ie/ht208693	Trust: 0.3
url:	https://support.apple.com/en-ie/ht208692	Trust: 0.3

sources: VULHUB: VHN-134204 // BID: 104223 // JVNDB: JVNDB-2018-004068 // CNNVD: CNNVD-201804-684 // NVD: CVE-2018-4173

CREDITS

Joshua Pokotilow of pingmd

Trust: 0.3

sources: BID: 104223

SOURCES

db:	VULHUB	id:	VHN-134204
db:	BID	id:	104223
db:	JVNDB	id:	JVNDB-2018-004068
db:	CNNVD	id:	CNNVD-201804-684
db:	NVD	id:	CVE-2018-4173

LAST UPDATE DATE

2024-11-23T20:39:55.444000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134204	date:	2019-10-03T00:00:00
db:	BID	id:	104223	date:	2018-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-004068	date:	2018-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201804-684	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-4173	date:	2024-11-21T04:06:54.423

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134204	date:	2018-04-13T00:00:00
db:	BID	id:	104223	date:	2018-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-004068	date:	2018-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201804-684	date:	2018-04-16T00:00:00
db:	NVD	id:	CVE-2018-4173	date:	2018-04-13T17:29:00.230