Risk | Low |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-20 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Apple iOS (Operating systems & Components / Operating system) |
Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU13428
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C]
CVE-ID: N/A
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a physically local attacker to conduct a brute-force attack on the target system.
The vulnerability exists due to insufficient input validation. A physically local attacker can send specially crafted data via a physically connected keyboard, conduct brute-force password guessing attacks, bypass the failed passcode attempt limits and conduct further attacks.
Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Apple iOS: 11.0.0 - 11.4
External links
http://twitter.com/hackerfantastic/status/1010240042990596096
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.