CVE-2018-4123: Infoleak

Q: What is CVE-2018-4123?

CVE-2018-4123 is an information disclosure vulnerability in certain Apple products, specifically iOS before 11.3.

Q: How does CVE-2018-4123 affect Apple products?

CVE-2018-4123 affects the "Clock" component of iOS before 11.3.

Q: What is the severity of CVE-2018-4123?

CVE-2018-4123 has a severity score of 2.4, which is considered low.

Q: How can physically proximate attackers exploit CVE-2018-4123?

Physically proximate attackers can exploit CVE-2018-4123 to discover the iTunes e-mail address of the targeted device.

Q: How can I fix CVE-2018-4123?

To fix CVE-2018-4123, update your iOS to version 11.3 or later.

Published Mar 29, 2018

Updated

Clock. An information disclosure issue existed in the handling of alarms and timers. This issue was addressed with improved access restrictions.

Other sources

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address.

Credit

Zaheen Hafzar M M@@zaheenhafzer

Affected Software

2 affected componentsFixes available

Apple iOS and iPadOS<11.3

11.3

iPhone OS<11.3

Event History

Apr 3, 2018

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208693

Frequently Asked Questions

What is CVE-2018-4123?

CVE-2018-4123 is an information disclosure vulnerability in certain Apple products, specifically iOS before 11.3.

How does CVE-2018-4123 affect Apple products?

CVE-2018-4123 affects the "Clock" component of iOS before 11.3.

What is the severity of CVE-2018-4123?

CVE-2018-4123 has a severity score of 2.4, which is considered low.

How can physically proximate attackers exploit CVE-2018-4123?