Local Impersonation Vulnerability in Apple iOS, macOS, tvOS, and watchOS
CVE-2018-4235

5.5MEDIUM

Key Information:

Vendor
Apple
Status
Mac Os X
iPhone OS
Apple Tv
Watch OS
Vendor
CVE Published:
8 June 2018

Summary

A local impersonation vulnerability exists in the Messages component of certain Apple operating systems, which include iOS, macOS, tvOS, and watchOS, prior to specified versions. This flaw can allow local users to execute impersonation attacks through unspecified injection techniques, potentially compromising user communications and leading to unauthorized actions.

References

https://support.apple.com/HT208850
x_refsource_CONFIRM
https://support.apple.com/HT208851
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041027
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-4235 : Local Impersonation Vulnerability in Apple iOS, macOS, tvOS, and watchOS | SecurityVulnerability.io