CVE-2018-4202: Input Validation

Q: What is CVE-2018-4202?

CVE-2018-4202 is an input validation issue in the iBooks component of certain Apple products.

Q: What products are affected by CVE-2018-4202?

iOS versions before 11.4 and macOS versions before 10.13.5 are affected.

Q: How does CVE-2018-4202 impact users?

CVE-2018-4202 allows man-in-the-middle attackers to spoof a password prompt in iBooks.

Q: What is the severity of CVE-2018-4202?

CVE-2018-4202 has a severity score of 5.9, which is considered medium.

Q: Is there a fix for CVE-2018-4202?

Yes, updating to iOS 11.4 or macOS 10.13.5 will address this vulnerability.

Published Jun 1, 2018

Updated

iBooks. An input validation issue was addressed with improved input validation.

Other sources

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.

Credit

Jerry Decime

Affected Software

5 affected componentsFixes available

Apple macOS High Sierra<10.13.5

10.13.5

Apple Sierra

Apple El Capitan

Apple iPhone OS<11.4

Apple iOS and macOS<10.13.5

Event History

Jun 8, 2018

CVE Published

via MITRE·06:00 PM

Data Sourced

via MITRE·06:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208849

Frequently Asked Questions

What is CVE-2018-4202?

CVE-2018-4202 is an input validation issue in the iBooks component of certain Apple products.

What products are affected by CVE-2018-4202?

iOS versions before 11.4 and macOS versions before 10.13.5 are affected.

How does CVE-2018-4202 impact users?

CVE-2018-4202 allows man-in-the-middle attackers to spoof a password prompt in iBooks.

What is the severity of CVE-2018-4202?