Lucene search

AppleCVE-2018-4221

HistoryJun 08, 2018 - 6:29 p.m.

CVE-2018-4221

2018-06-0818:29:01

CWE-200

apple

web.nvd.nist.gov

apple

ios

macos

web tracking

s/mime

security issue

cve-2018-4221

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

60.7%

JSON

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the “Security” component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.

Affected configurations

Nvd

Node

appleiphone_osRange<11.4

applemac_os_xRange<10.13.5

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::

References

www.securityfocus.com/bid/104897

www.securitytracker.com/id/1041027

support.apple.com/HT208848

support.apple.com/HT208849

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

60.7%

JSON

Related for CVE-2018-4221