CVE-2018-4137: Infoleak
First published: Thu Mar 29 2018(Updated: )
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
Credit: CVE-2018-4137 CVE-2018-4137 product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <11.3 | 11.3 |
| Apple Safari | <11.1 | 11.1 |
| Apple Safari | <11.1 | |
| Apple iPhone OS | <11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4102
- CVE-2018-4116
- CVE-2018-4186
- CVE-2018-4137
- CVE-2018-4101
- CVE-2018-4114
- CVE-2018-4118
- CVE-2018-4119
- CVE-2018-4120
- CVE-2018-4121
- CVE-2018-4122
- CVE-2018-4125
- CVE-2018-4127
- CVE-2018-4128
- CVE-2018-4129
- CVE-2018-4130
- CVE-2018-4161
- CVE-2018-4162
- CVE-2018-4163
- CVE-2018-4165
- CVE-2018-4133
- CVE-2018-4113
- CVE-2018-4146
- CVE-2018-4117
- CVE-2018-4207
- CVE-2018-4208
- CVE-2018-4209
- CVE-2018-4210
- CVE-2018-4212
- CVE-2018-4213
- CVE-2018-4145
- CVE-2018-4177
- CVE-2018-4123
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2018-4390
- CVE-2018-4391
- CVE-2018-4167
- CVE-2018-4168
- CVE-2018-4172
- CVE-2018-4151
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4185
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4174
- CVE-2018-4166
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4134
- CVE-2018-4149
- CVE-2018-4144
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4140
- CVE-2018-4148
- CVE-2018-4110
- CVE-2018-4131
Frequently Asked Questions
What is CVE-2018-4137?
CVE-2018-4137 is a vulnerability in certain Apple products, specifically affecting iOS before 11.3 and Safari before 11.1.
How does CVE-2018-4137 work?
CVE-2018-4137 allows remote attackers to read autofilled data by exploiting the lack of a user-confirmation requirement in Safari Login AutoFill.
Which Apple products are affected by CVE-2018-4137?
CVE-2018-4137 affects iOS versions up to 11.3 and Safari versions up to 11.1.
What is the severity level of CVE-2018-4137?
CVE-2018-4137 has a severity level of high with a CVSS score of 7.5.
How can I fix the CVE-2018-4137 vulnerability?
To fix the CVE-2018-4137 vulnerability, update your iOS device to version 11.3 or later, and update Safari to version 11.1 or later.
- collector/apple-support
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple safari
- canonical/apple iphone os
- canonical/apple ios