CVE-2018-4115
First published: Thu Mar 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.
Credit: Johann Thalakada Vladimir Zubkov Matt Vlasach WanderaJohann Thalakada Vladimir Zubkov Matt Vlasach WanderaJohann Thalakada Vladimir Zubkov Matt Vlasach WanderaJohann Thalakada Vladimir Zubkov Matt Vlasach Wandera product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <11.3 | 11.3 |
| Apple macOS | <10.13.4 | 10.13.4 |
| Apple Sierra | ||
| Apple El Capitan | ||
| watchOS | <4.3 | 4.3 |
| Apple iPhone OS | <11.3 | |
| macOS Yosemite | <10.13.4 | |
| tvOS | <11.3 | |
| watchOS | <4.3 | |
| tvOS | <11.3 | 11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208692 (Advisory)
- https://support.apple.com/en-us/HT208693 (Advisory)
- https://support.apple.com/en-us/HT208696 (Advisory)
- https://support.apple.com/en-us/HT208698 (Advisory)
- http://www.securitytracker.com/id/1040604
- http://www.securitytracker.com/id/1040608
- https://support.apple.com/HT208692
- https://support.apple.com/HT208693
- https://support.apple.com/HT208696
- https://support.apple.com/HT208698
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4177
- CVE-2018-4123
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2018-4390
- CVE-2018-4391
- CVE-2018-4167
- CVE-2018-4168
- CVE-2018-4172
- CVE-2018-4151
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4185
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4174
- CVE-2018-4166
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4134
- CVE-2018-4137
- CVE-2018-4149
- CVE-2018-4144
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4140
- CVE-2018-4148
- CVE-2018-4110
- CVE-2018-4101
- CVE-2018-4114
- CVE-2018-4118
- CVE-2018-4119
- CVE-2018-4120
- CVE-2018-4121
- CVE-2018-4122
- CVE-2018-4125
- CVE-2018-4127
- CVE-2018-4128
- CVE-2018-4129
- CVE-2018-4130
- CVE-2018-4161
- CVE-2018-4162
- CVE-2018-4163
- CVE-2018-4165
- CVE-2018-4113
- CVE-2018-4146
- CVE-2018-4117
- CVE-2018-4207
- CVE-2018-4208
- CVE-2018-4209
- CVE-2018-4210
- CVE-2018-4212
- CVE-2018-4213
- CVE-2018-4145
- CVE-2018-4131
- CVE-2018-4170
- CVE-2018-4105
- CVE-2018-4112
- CVE-2017-13890
- CVE-2017-8816
- CVE-2018-4176
- CVE-2018-4108
- CVE-2017-13080
- CVE-2018-4132
- CVE-2018-4135
- CVE-2018-4136
- CVE-2018-4160
- CVE-2018-4139
- CVE-2018-4175
- CVE-2018-4179
- CVE-2018-4111
- CVE-2018-4152
- CVE-2017-7151
- CVE-2018-4138
- CVE-2018-4107
- CVE-2018-4298
- CVE-2017-13911
- CVE-2018-4106
Frequently Asked Questions
What is CVE-2018-4115?
CVE-2018-4115 is a vulnerability that affects certain Apple products, including iOS, macOS, tvOS, and watchOS.
What is the severity of CVE-2018-4115?
CVE-2018-4115 has a severity rating of 9.8, which is considered critical.
How does CVE-2018-4115 allow attackers to bypass access restrictions?
CVE-2018-4115 allows attackers to bypass access restrictions through the CFPreferences component in System Preferences.
Which versions of iOS are affected by CVE-2018-4115?
iOS versions before 11.3 are affected by CVE-2018-4115.
Is macOS High Sierra affected by CVE-2018-4115?
Yes, macOS versions before 10.13.4, which includes macOS High Sierra, are affected by CVE-2018-4115.
- agent/type
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- vendor/apple
- canonical/apple ios
- canonical/apple macos
- canonical/apple sierra
- canonical/apple el capitan
- canonical/watchos
- canonical/apple iphone os
- canonical/macos yosemite
- canonical/tvos