Core Bluetooth Vulnerability in Apple iOS, tvOS, and watchOS
CVE-2018-4095

7.8HIGH

Key Information:

Vendor

Apple
Status
iPhone OS
Apple Tv
Watch OS
Vendor
CVE Published:
3 April 2018

What is CVE-2018-4095?

An issue was discovered in Apple's Core Bluetooth component that affects iOS, tvOS, and watchOS prior to specific versions. This vulnerability allows attackers to execute arbitrary code with elevated privileges or trigger a denial of service through crafted applications. Users of affected devices are encouraged to update to the latest software versions to mitigate the risks associated with this vulnerability.

References

https://support.apple.com/HT208462
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040265
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102774
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.