cnvd - cnvd-2018-07574

CNVD-2018-07574

Vulnerability from cnvd - Published: 2018-04-12

Title

Apple iOS Files Widget信息泄露漏洞

Description

Apple iOS是美国苹果（Apple）公司为移动设备所开发的一套操作系统。Files Widget是其中的一个文件工具组件。 Apple iOS 11.3之前版本中的Files Widget组件存在安全漏洞，该漏洞源于Files Widget处于锁定状态时，仍可显示缓存数据。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Apple iOS Files Widget信息泄露漏洞的补丁

Patch Description

Apple iOS是美国苹果（Apple）公司为移动设备所开发的一套操作系统。Files Widget是其中的一个文件工具组件。 Apple iOS 11.3之前版本中的Files Widget组件存在安全漏洞，该漏洞源于Files Widget处于锁定状态时，仍可显示缓存数据。攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/HT208693

Reference

https://securitytracker.com/id/1040604

Impacted products

Name
Apple iOS <11.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4168"
    }
  },
  "description": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Files Widget\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u5de5\u5177\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 11.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684Files Widget\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFiles Widget\u5904\u4e8e\u9501\u5b9a\u72b6\u6001\u65f6\uff0c\u4ecd\u53ef\u663e\u793a\u7f13\u5b58\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/HT208693",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07574",
  "openTime": "2018-04-12",
  "patchDescription": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Files Widget\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6587\u4ef6\u5de5\u5177\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 11.3\u4e4b\u524d\u7248\u672c\u4e2d\u7684Files Widget\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFiles Widget\u5904\u4e8e\u9501\u5b9a\u72b6\u6001\u65f6\uff0c\u4ecd\u53ef\u663e\u793a\u7f13\u5b58\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS Files Widget\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple  iOS \u003c11.3"
  },
  "referenceLink": "https://securitytracker.com/id/1040604",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-30",
  "title": "Apple iOS Files Widget\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2018-4168 (GCVE-0-2018-4168)

Vulnerability from cvelistv5 – Published: 2018-04-03 06:00 – Updated: 2024-08-05 05:04

Summary

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://www.securitytracker.com/id/1040604	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT208693	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/103578	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:04:29.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040604",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208693"
          },
          {
            "name": "103578",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Files Widget\" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-03T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "1040604",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208693"
        },
        {
          "name": "103578",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2018-4168",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Files Widget\" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040604",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040604"
            },
            {
              "name": "https://support.apple.com/HT208693",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208693"
            },
            {
              "name": "103578",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2018-4168",
    "datePublished": "2018-04-03T06:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:04:29.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-07574

CVE-2018-4168 (GCVE-0-2018-4168)

Tags

Sightings

Nomenclature