Sign-up

ID

VAR-201806-1448


CVE

CVE-2018-4244


TITLE

Apple iOS of Siri Contacts Vulnerability in obtaining private contact information in components

Trust: 0.8

sources: JVNDB: JVNDB-2018-005515

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Siri is one of the intelligent voice control components

Trust: 1.71

sources: NVD: CVE-2018-4244 // JVNDB: JVNDB-2018-005515 // VULHUB: VHN-134275

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:11.4

Trust: 1.0

vendor:applemodel:iosscope:ltversion:11.4 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.4 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-005515 // CNNVD: CNNVD-201806-590 // NVD: CVE-2018-4244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4244
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4244
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-590
value: LOW

Trust: 0.6

VULHUB: VHN-134275
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-4244
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134275
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4244
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134275 // JVNDB: JVNDB-2018-005515 // CNNVD: CNNVD-201806-590 // NVD: CVE-2018-4244

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-134275 // JVNDB: JVNDB-2018-005515 // NVD: CVE-2018-4244

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-590

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201806-590

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005515

PATCH
title:HT208848url:https://support.apple.com/en-us/HT208848
Trust: 0.8
title:HT208848url:https://support.apple.com/ja-jp/HT208848
Trust: 0.8
title:Apple iOS Siri Contacts Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80784
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-005515 // 
            
            
            
            CNNVD: CNNVD-201806-590

EXTERNAL IDS
db:NVDid:CVE-2018-4244
Trust: 2.5
db:SECTRACKid:1041031
Trust: 1.7
db:JVNid:JVNVU98864649
Trust: 0.8
db:JVNDBid:JVNDB-2018-005515
Trust: 0.8
db:CNNVDid:CNNVD-201806-590
Trust: 0.7
db:VULHUBid:VHN-134275
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134275 // 
            
            
            
            JVNDB: JVNDB-2018-005515 // 
            
            
            
            CNNVD: CNNVD-201806-590 // 
            
            
            
            NVD: CVE-2018-4244

REFERENCES
url:https://support.apple.com/ht208848
Trust: 1.7
url:http://www.securitytracker.com/id/1041031
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4244
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98864649/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4244
Trust: 0.8
sources:
            
            
            VULHUB: VHN-134275 // 
            
            
            
            JVNDB: JVNDB-2018-005515 // 
            
            
            
            CNNVD: CNNVD-201806-590 // 
            
            
            
            NVD: CVE-2018-4244

SOURCES
db:VULHUBid:VHN-134275
db:JVNDBid:JVNDB-2018-005515
db:CNNVDid:CNNVD-201806-590
db:NVDid:CVE-2018-4244

LAST UPDATE DATE
2024-11-23T21:06:30.418000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134275date:2018-07-17T00:00:00
db:JVNDBid:JVNDB-2018-005515date:2018-07-20T00:00:00
db:CNNVDid:CNNVD-201806-590date:2018-06-11T00:00:00
db:NVDid:CVE-2018-4244date:2024-11-21T04:07:02.757

SOURCES RELEASE DATE
db:VULHUBid:VHN-134275date:2018-06-08T00:00:00
db:JVNDBid:JVNDB-2018-005515date:2018-07-20T00:00:00
db:CNNVDid:CNNVD-201806-590date:2018-06-11T00:00:00
db:NVDid:CVE-2018-4244date:2018-06-08T18:29:02.587