First published: Wed Dec 05 2018(Updated: )
Profiles. A certificate validation issue existed in configuration profiles. This was addressed with additional checks.
Credit: James Seeley @Code4iOS Joseph S. JJS SecuritiesJames Seeley @Code4iOS Joseph S. JJS SecuritiesJames Seeley @Code4iOS Joseph S. JJS Securities product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <12.1.1 | |
Apple tvOS | <12.1.1 | |
Apple watchOS | <5.1.2 | |
Apple iOS | <12.1.1 | 12.1.1 |
Apple tvOS | <12.1.1 | 12.1.1 |
Apple watchOS | <5.1.2 | 5.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2018-4436 is a certificate validation issue that existed in configuration profiles in certain Apple software versions.
CVE-2018-4436 affects Apple devices running iOS versions prior to 12.1.1, tvOS versions prior to 12.1.1, and watchOS versions prior to 5.1.2.
The severity of CVE-2018-4436 is high with a CVSS score of 7.5.
To fix CVE-2018-4436, update your Apple device to iOS 12.1.1, tvOS 12.1.1, or watchOS 5.1.2 or later.
More information about CVE-2018-4436 can be found on the Apple support website at the following links: [link1](https://support.apple.com/kb/HT209340), [link2](https://support.apple.com/kb/HT209342), [link3](https://support.apple.com/kb/HT209343).