First published: Thu Mar 29 2018(Updated: )
LinkPresentation. A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Credit: Roman Mueller @faker_ Zhiyang Zeng @Wester Tencent Security Platform DepartmentRoman Mueller @faker_ Zhiyang Zeng @Wester Tencent Security Platform DepartmentRoman Mueller @faker_ Zhiyang Zeng @Wester Tencent Security Platform Department product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <11.3.1 | |
Apple Mac OS X | <10.13.4 | |
Apple iOS | <11.3 | 11.3 |
Apple macOS High Sierra | <10.13.4 | 10.13.4 |
Apple Sierra | ||
Apple El Capitan | ||
Apple macOS Mojave | <10.14.1 | 10.14.1 |
Apple High Sierra |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-4187 is a vulnerability that allows remote attackers to spoof the UI via a crafted URL in a text message in certain Apple products.
iOS before 11.3.1 and macOS before 10.13.4 Security Update 2018-001 are affected by CVE-2018-4187.
Remote attackers can exploit CVE-2018-4187 by sending a text message with a crafted URL that spoofs the UI.
The severity of CVE-2018-4187 is medium with a severity value of 6.5.
To fix CVE-2018-4187, update to iOS 11.3.1 or later and macOS 10.13.4 Security Update 2018-001 or later.