Apple iOS à 11.3.1 Siri elévation de privilèges

entréeeditHistoryDiffjsonxmlCTI

Une vulnérabilité classée critique a été trouvée dans Apple iOS à 11.3.1 (Smartphone Operating System). Affecté par ce problème est une fonction inconnue du composant Siri. Mettre à jour à la version 11.4 élimine cette vulnérabilité. Une solution envisageable a été publiée immédiatement après la publication de la vulnérabilité.

Domaine03/06/2018 02:55 PM13/02/2020 08:10 AM
nameiOSiOS
version<=11.3.1<=11.3.1
componentSiriSiri
cwe284 (elévation de privilèges)284 (elévation de privilèges)
risk22
historic00
cvss2_vuldb_basescore4.64.6
cvss2_vuldb_tempscore4.04.0
cvss2_vuldb_avLL
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avLL
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_meta_basescore3.43.4
cvss3_meta_tempscore3.23.2
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.14.1
cvss3_vuldb_avPP
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avPP
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iLL
cvss3_nvd_aNN
advisoryquoteAn issue existed with Siri permissions. This was addressed with improved permission checking.An issue existed with Siri permissions. This was addressed with improved permission checking.
date1527552000 (29/05/2018)1527552000 (29/05/2018)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://support.apple.com/kb/HT208848https://support.apple.com/kb/HT208848
identifierHT208848HT208848
disputed00
price_0day$5k-$25k$5k-$25k
price_trend++
nameUpgradeUpgrade
date1527552000 (29/05/2018)1527552000 (29/05/2018)
upgrade_version11.411.4
cveCVE-2018-4238CVE-2018-4238
cve_nvd_published15284088001528408800
cve_nvd_summaryAn issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.
seealso118648 118652 118657 118659 118660 118661 118662 118663 118664 118666 118667 118668 118669 118670 118672 118675 118676 118677 118678 118679 118680 118681 118682 118683 118684 118685 118686 118687 118689 118691118648 118652 118657 118659 118660 118661 118662 118663 118664 118666 118667 118668 118669 118670 118672 118675 118676 118677 118678 118679 118680 118681 118682 118683 118684 118685 118686 118687 118689 118691
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_nvd_basescore2.42.4
typeSmartphone Operating SystemSmartphone Operating System
vendorAppleApple
discoverydate1527552000
confirm_urlhttps://support.apple.com/HT208848
cve_assigned1514851200

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!