ID

VAR-201904-1434

CVE

CVE-2018-4379

TITLE

iOS Lock screen vulnerability

DESCRIPTION

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * Arbitrary code execution * Script execution * information leak * Access restriction avoidance. Apple iOS is prone to multiple local information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. Quick Look is one of the components used to view common resource files. An information disclosure vulnerability exists in the Quick Look component of Apple iOS prior to 12.0.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-10-08-1 iOS 12.0.1 iOS 12.0.1 is now available and addresses the following: VoiceOver Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local attacker may be able to view photos and contacts from the lock screen Description: A lock screen issue allowed access to photos and contacts on a locked device. CVE-2018-4379: videosdebarraquito Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlu7i3gACgkQeC9tht7T K3H2lQ/+Kvfxyl73DfM5KcArmL8+hukFZBG5hM6w/N0Y+5GLME6FYCsk0BRXJ+tm FBTgLDnWzjOiPRAjns5qonHHaSRGJzBFwNt1O23qfRZKS3uVtsRCqFXfrL48irgH S4nw85vfcbpgsb7r7Lka5uw/yQ2XjDTlp3CFNYJEPT+YA7QmBpOwKu4OwwbNJIRo HtlzkdnFaSYTFMKaZgYE8ykUEUYBGW0MwXh8M+tT+gZKfCIc4fUDqjI2HZLANZ4x cM7vgn2+tnjnSOOm9C0/xnzh9nEGA+/JoF+pZW2HQpg7mH30ssMyaHUkCCriKRgw k7PArRTAWBmZknJrdbk21w8ohNbArF/0TmU+yehQ2NuoAVQEdPSaEIMVvwXoRSn5 x+phJ0mLdSXpwFhJLo6rbHGCcd8aY0qt+N//AL65kBDDDt81R8vf0DGo8asBAOX9 w/D2n2ymZF3OJ1jgxX5rYPRKtmuk0iJRskGPe5gbXunCbDW9y5FTpzk0k48pjmk4 ibxlXo0mEo/W+RPIDezoFXrbFSJrAlrZy42KC8kJ3Qd+hnhOWb3yNxAx/bHrkNQd xRyG7SVpd8S5BhPAAb5qcy56z96/EsXLbE5RF9HiWVm+WCJPoprW1W/eWzdhmsFJ pPr4OwkUQ26ua8jPC1zg8HIW0ohDsinnPphJiynez8c0EE4UyXw= =yoiM -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

information disclosure

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

videosdebarraquito

SOURCES

LAST UPDATE DATE

2024-11-23T21:07:53.753000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE