CVE-2018-4168: Infoleak

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2018-4168.

Q: What is the affected software?

The affected software is iOS version up to and excluding 11.3 and Apple iPhone OS version up to and excluding 11.3.

Q: What is the severity of CVE-2018-4168?

The severity of CVE-2018-4168 is medium, with a severity value of 4.6.

Q: How can an attacker exploit this vulnerability?

An attacker can exploit this vulnerability by physically accessing a locked device and obtaining sensitive information through the display of cached data in the Files Widget.

Q: Is there a fix available for this vulnerability?

Yes, updating the iOS or Apple iPhone OS to version 11.3 or above will fix this vulnerability.

Published Mar 29, 2018

Updated

Files Widget. The File Widget was displaying cached data when in the locked state. This issue was addressed with improved state management.

Other sources

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.

Credit

Brandon Moore

Affected Software

2 affected componentsFixes available

Apple iOS and iPadOS<11.3

11.3

iPhone OS<11.3

Event History

Apr 3, 2018

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208693

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2018-4168.

What is the affected software?

The affected software is iOS version up to and excluding 11.3 and Apple iPhone OS version up to and excluding 11.3.

What is the severity of CVE-2018-4168?

The severity of CVE-2018-4168 is medium, with a severity value of 4.6.

How can an attacker exploit this vulnerability?