CVE-2018-4172
First published: Thu Mar 29 2018(Updated: )
Find My iPhone. A state management issue existed when restoring from a back up. This issue was addressed through improved state checking during restore.
Credit: Viljami Vastamäki product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | <11.3 | |
| Apple iOS | <11.3 | 11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4177
- CVE-2018-4123
- CVE-2018-4155
- CVE-2018-4158
- CVE-2018-4142
- CVE-2018-4390
- CVE-2018-4391
- CVE-2018-4167
- CVE-2018-4168
- CVE-2018-4172
- CVE-2018-4151
- CVE-2018-4150
- CVE-2018-4104
- CVE-2018-4143
- CVE-2018-4185
- CVE-2017-15412
- CVE-2018-4187
- CVE-2018-4174
- CVE-2018-4166
- CVE-2018-4156
- CVE-2018-4157
- CVE-2018-4134
- CVE-2018-4137
- CVE-2018-4149
- CVE-2018-4144
- CVE-2018-4173
- CVE-2018-4154
- CVE-2018-4115
- CVE-2018-4140
- CVE-2018-4148
- CVE-2018-4110
- CVE-2018-4101
- CVE-2018-4114
- CVE-2018-4118
- CVE-2018-4119
- CVE-2018-4120
- CVE-2018-4121
- CVE-2018-4122
- CVE-2018-4125
- CVE-2018-4127
- CVE-2018-4128
- CVE-2018-4129
- CVE-2018-4130
- CVE-2018-4161
- CVE-2018-4162
- CVE-2018-4163
- CVE-2018-4165
- CVE-2018-4113
- CVE-2018-4146
- CVE-2018-4117
- CVE-2018-4207
- CVE-2018-4208
- CVE-2018-4209
- CVE-2018-4210
- CVE-2018-4212
- CVE-2018-4213
- CVE-2018-4145
- CVE-2018-4131
Frequently Asked Questions
What is CVE-2018-4172?
CVE-2018-4172 is a vulnerability that affects certain Apple products running iOS before 11.3. It involves the "Find My iPhone" component, allowing attackers to bypass the iCloud password requirement for disabling the feature.
How does CVE-2018-4172 impact Apple devices?
CVE-2018-4172 allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature on affected Apple devices.
What is the severity of CVE-2018-4172?
The severity of CVE-2018-4172 is medium, with a CVSS severity score of 4.6.
Which versions of iOS are affected by CVE-2018-4172?
iOS versions before 11.3 are affected by CVE-2018-4172.
Is there a fix for CVE-2018-4172?
Yes, updating to iOS version 11.3 or later will address the vulnerability.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple iphone os
- canonical/apple ios