CVE-2018-4170
First published: Thu Mar 29 2018(Updated: )
Admin Framework. The sysadminctl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. This update makes the password parameter optional, and sysadminctl will prompt for the password if needed.
Credit: an anonymous researcher product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <10.13.4 | 10.13.4 |
| Apple Sierra | ||
| Apple El Capitan | ||
| macOS Yosemite | <10.13.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4170
- CVE-2018-4105
- CVE-2018-4112
- CVE-2018-4166
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2017-13890
- CVE-2017-8816
- CVE-2018-4176
- CVE-2018-4108
- CVE-2017-13080
- CVE-2018-4167
- CVE-2018-4151
- CVE-2018-4132
- CVE-2018-4135
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4136
- CVE-2018-4160
- CVE-2018-4185
- CVE-2018-4139
- CVE-2018-4175
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4179
- CVE-2018-4111
- CVE-2018-4174
- CVE-2018-4152
- CVE-2017-7151
- CVE-2018-4138
- CVE-2018-4107
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4298
- CVE-2018-4144
- CVE-2017-13911
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4106
- CVE-2018-4131
Frequently Asked Questions
What is CVE-2018-4170?
CVE-2018-4170 is a vulnerability that affects certain Apple products, including macOS High Sierra before version 10.13.4.
What is the severity of CVE-2018-4170?
CVE-2018-4170 has a severity rating of 7.8 (High).
How does CVE-2018-4170 affect macOS?
CVE-2018-4170 affects macOS versions before 10.13.4 and can expose passwords to other local users.
How do I fix CVE-2018-4170?
To fix CVE-2018-4170, update your macOS to version 10.13.4 or later.
Where can I find more information about CVE-2018-4170?
You can find more information about CVE-2018-4170 at the following references: [link1], [link2], [link3].
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/apple macos
- canonical/apple sierra
- canonical/apple el capitan
- canonical/macos yosemite