Main Vulnerability Database Vulnerabilities #VU13131

#VU13131 Security restrictions bypass in Apple iOS - CVE-2018-4252

Published: June 4, 2018

Vulnerability identifier: #VU13131

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-4252

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a physically local attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a permissions error in the Siri component. A physically local attacker can bypass security restrictions and read notifications of content that is set to be not displayed at the lock screen.

Remediation

Update to version 11.4.

External links

https://support.apple.com/en-us/HT208848

#VU13131 Security restrictions bypass in Apple iOS - CVE-2018-4252

Description

Remediation

External links

Please verify you're human