Sign-up

ID

VAR-201804-1223


CVE

CVE-2018-4111


TITLE

Apple macOS In the mail component S/MIME Vulnerability to read encrypted message content

Trust: 0.8

sources: JVNDB: JVNDB-2018-003647

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers

Trust: 1.98

sources: NVD: CVE-2018-4111 // JVNDB: JVNDB-2018-003647 // BID: 103582 // VULHUB: VHN-134142

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.13.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.10.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.4

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.6

vendor:applemodel:macosscope:eqversion:10.13.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13.3

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13.2

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.13

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.13.4

Trust: 0.3

sources: BID: 103582 // JVNDB: JVNDB-2018-003647 // CNNVD: CNNVD-201804-194 // NVD: CVE-2018-4111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4111
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4111
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-194
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134142
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4111
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134142
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4111
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134142 // JVNDB: JVNDB-2018-003647 // CNNVD: CNNVD-201804-194 // NVD: CVE-2018-4111

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-134142 // JVNDB: JVNDB-2018-003647 // NVD: CVE-2018-4111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-194

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201804-194

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003647

PATCH
title:HT208692url:https://support.apple.com/en-us/HT208692
Trust: 0.8
title:HT208692url:https://support.apple.com/ja-jp/HT208692
Trust: 0.8
title:Apple macOS High Sierra Mail Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83046
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-003647 // 
            
            
            
            CNNVD: CNNVD-201804-194

EXTERNAL IDS
db:NVDid:CVE-2018-4111
Trust: 2.8
db:BIDid:103582
Trust: 2.0
db:SECTRACKid:1040608
Trust: 1.7
db:JVNid:JVNVU92378299
Trust: 0.8
db:JVNDBid:JVNDB-2018-003647
Trust: 0.8
db:CNNVDid:CNNVD-201804-194
Trust: 0.6
db:VULHUBid:VHN-134142
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134142 // 
            
            
            
            BID: 103582 // 
            
            
            
            JVNDB: JVNDB-2018-003647 // 
            
            
            
            CNNVD: CNNVD-201804-194 // 
            
            
            
            NVD: CVE-2018-4111

REFERENCES
url:http://www.securityfocus.com/bid/103582
Trust: 1.7
url:https://support.apple.com/ht208692
Trust: 1.7
url:http://www.securitytracker.com/id/1040608
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4111
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92378299/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4111
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:https://support.apple.com/en-ie/ht208692
Trust: 0.3
sources:
            
            
            VULHUB: VHN-134142 // 
            
            
            
            BID: 103582 // 
            
            
            
            JVNDB: JVNDB-2018-003647 // 
            
            
            
            CNNVD: CNNVD-201804-194 // 
            
            
            
            NVD: CVE-2018-4111

CREDITS
David J Beitey (@davidjb_), Geoffrey Bugniot, Simon Hosie, an anonymous researcher, Kamatham Chaitanya of ShiftLeft Inc., Haik Aftandilian of Mozilla, Axis and pjf of IceSword Lab of Qihoo 360, Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., Jonas Jens
Trust: 0.3
sources:
            
            
            BID: 103582

SOURCES
db:VULHUBid:VHN-134142
db:BIDid:103582
db:JVNDBid:JVNDB-2018-003647
db:CNNVDid:CNNVD-201804-194
db:NVDid:CVE-2018-4111

LAST UPDATE DATE
2024-11-23T20:21:49.891000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134142date:2020-08-24T00:00:00
db:BIDid:103582date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003647date:2018-05-31T00:00:00
db:CNNVDid:CNNVD-201804-194date:2020-10-22T00:00:00
db:NVDid:CVE-2018-4111date:2024-11-21T04:06:47.117

SOURCES RELEASE DATE
db:VULHUBid:VHN-134142date:2018-04-03T00:00:00
db:BIDid:103582date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003647date:2018-05-31T00:00:00
db:CNNVDid:CNNVD-201804-194date:2018-04-03T00:00:00
db:NVDid:CVE-2018-4111date:2018-04-03T06:29:04.563