Vulnerability CVE-2018-4137
Published: 2018-04-03

Description:
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Apple -> Safari 
Apple -> Iphone os 

 References:
http://www.securitytracker.com/id/1040604
https://support.apple.com/HT208693
https://support.apple.com/HT208695
Copyright 2024, cxsecurity.com

 

Back to Top