CVE-2018-4131
First published: Thu Mar 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.
Credit: Andreas Hegenberg folivora product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS High Sierra | <10.13.4 | 10.13.4 |
| macOS High Sierra | ||
| Apple El Capitan | ||
| Apple iOS, iPadOS, and watchOS | <11.3 | 11.3 |
| iOS | <11.3 | |
| Apple iOS and macOS | <10.13.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208692 (Advisory)
- https://support.apple.com/en-us/HT208693 (Advisory)
- http://www.securityfocus.com/bid/103581
- http://www.securitytracker.com/id/1040604
- http://www.securitytracker.com/id/1040608
- https://support.apple.com/HT208692
- https://support.apple.com/HT208693
- https://twitter.com/boastr_net/status/979624397664333824
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4170
- CVE-2018-4105
- CVE-2018-4112
- CVE-2018-4166
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2017-13890
- CVE-2017-8816
- CVE-2018-4176
- CVE-2018-4108
- CVE-2017-13080
- CVE-2018-4167
- CVE-2018-4151
- CVE-2018-4132
- CVE-2018-4135
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4136
- CVE-2018-4160
- CVE-2018-4185
- CVE-2018-4139
- CVE-2018-4175
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4179
- CVE-2018-4111
- CVE-2018-4174
- CVE-2018-4152
- CVE-2017-7151
- CVE-2018-4138
- CVE-2018-4107
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4298
- CVE-2018-4144
- CVE-2017-13911
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4106
- CVE-2018-4131
- CVE-2018-4177
- CVE-2018-4123
- CVE-2018-4390
- CVE-2018-4391
- CVE-2018-4168
- CVE-2018-4172
- CVE-2018-4134
- CVE-2018-4137
- CVE-2018-4149
- CVE-2018-4140
- CVE-2018-4148
- CVE-2018-4110
- CVE-2018-4101
- CVE-2018-4114
- CVE-2018-4118
- CVE-2018-4119
- CVE-2018-4120
- CVE-2018-4121
- CVE-2018-4122
- CVE-2018-4125
- CVE-2018-4127
- CVE-2018-4128
- CVE-2018-4129
- CVE-2018-4130
- CVE-2018-4161
- CVE-2018-4162
- CVE-2018-4163
- CVE-2018-4165
- CVE-2018-4113
- CVE-2018-4146
- CVE-2018-4117
- CVE-2018-4207
- CVE-2018-4208
- CVE-2018-4209
- CVE-2018-4210
- CVE-2018-4212
- CVE-2018-4213
- CVE-2018-4145
Frequently Asked Questions
What is CVE-2018-4131?
CVE-2018-4131 is a vulnerability that allows attackers to log keystrokes entered into arbitrary apps on certain Apple products.
Which Apple products are affected by CVE-2018-4131?
iOS before 11.3 and macOS before 10.13.4 are affected.
What is the severity of CVE-2018-4131?
CVE-2018-4131 has a severity rating of 7.8 (high).
How can I fix CVE-2018-4131?
To fix CVE-2018-4131, update your iOS device to version 11.3 or higher and update macOS to version 10.13.4 or higher.
Where can I find more information about CVE-2018-4131?
You can find more information about CVE-2018-4131 at the following references: [http://www.securityfocus.com/bid/103581](http://www.securityfocus.com/bid/103581), [http://www.securitytracker.com/id/1040604](http://www.securitytracker.com/id/1040604), [http://www.securitytracker.com/id/1040608](http://www.securitytracker.com/id/1040608)
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/macos high sierra
- canonical/apple el capitan
- canonical/apple ios, ipados, and watchos
- canonical/ios
- canonical/apple ios and macos