CVE-2018-4137: Infoleak

Q: What is CVE-2018-4137?

CVE-2018-4137 is a vulnerability in certain Apple products, specifically affecting iOS before 11.3 and Safari before 11.1.

Q: How does CVE-2018-4137 work?

CVE-2018-4137 allows remote attackers to read autofilled data by exploiting the lack of a user-confirmation requirement in Safari Login AutoFill.

Q: Which Apple products are affected by CVE-2018-4137?

CVE-2018-4137 affects iOS versions up to 11.3 and Safari versions up to 11.1.

Q: What is the severity level of CVE-2018-4137?

CVE-2018-4137 has a severity level of high with a CVSS score of 7.5.

Q: How can I fix the CVE-2018-4137 vulnerability?

To fix the CVE-2018-4137 vulnerability, update your iOS device to version 11.3 or later, and update Safari to version 11.1 or later.

Published Mar 29, 2018

Updated

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.

Other sources

Safari Login AutoFill. Safari autofill did not require explicit user interaction before taking place. The issue was addressed with improved autofill heuristics.

Credit

CVE-2018-4137

Affected Software

4 affected componentsFixes available

Safari<11.1

11.1

Apple iOS and iPadOS<11.3

11.3

Safari<11.1

iPhone OS<11.3

Event History

Apr 3, 2018

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2018-4137?

CVE-2018-4137 is a vulnerability in certain Apple products, specifically affecting iOS before 11.3 and Safari before 11.1.

How does CVE-2018-4137 work?