cnvd - cnvd-2018-09966

cnvd-2018-09966

Vulnerability from cnvd

Title

Apple iOS和macOS High Sierra WindowServer安全绕过漏洞

Description

Apple iOS和macOS High Sierra都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；macOS High Sierra是一套专为Mac计算机所开发的专用操作系统。WindowServer是其中的一个Window服务组件。 Apple iOS 11.3之前版本和macOS High Sierra 10.13.4之前版本中的WindowServer组件存在安全漏洞。攻击者可借助可以扫描按键状态的特制应用程序利用该漏洞绕过安全输入模式的保护，记录输入其他应用程序的按键。

Severity

中

Patch Name

Apple iOS和macOS High Sierra WindowServer安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT208692

Reference

https://support.apple.com/HT208692

Impacted products

Name
['Apple iOS <11.3', 'Apple macOS High Sierra <10.13.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103581"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4131",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4131"
    }
  },
  "description": "Apple iOS\u548cmacOS High Sierra\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bmacOS High Sierra\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002WindowServer\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWindow\u670d\u52a1\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 11.3\u4e4b\u524d\u7248\u672c\u548cmacOS High Sierra 10.13.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684WindowServer\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u53ef\u4ee5\u626b\u63cf\u6309\u952e\u72b6\u6001\u7684\u7279\u5236\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u8f93\u5165\u6a21\u5f0f\u7684\u4fdd\u62a4\uff0c\u8bb0\u5f55\u8f93\u5165\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u7684\u6309\u952e\u3002",
  "discovererName": "Andreas Hegenberg of folivora.AI GmbH",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT208692",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09966",
  "openTime": "2018-05-22",
  "patchDescription": "Apple iOS\u548cmacOS High Sierra\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bmacOS High Sierra\u662f\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002WindowServer\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWindow\u670d\u52a1\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 11.3\u4e4b\u524d\u7248\u672c\u548cmacOS High Sierra 10.13.4\u4e4b\u524d\u7248\u672c\u4e2d\u7684WindowServer\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u53ef\u4ee5\u626b\u63cf\u6309\u952e\u72b6\u6001\u7684\u7279\u5236\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u8f93\u5165\u6a21\u5f0f\u7684\u4fdd\u62a4\uff0c\u8bb0\u5f55\u8f93\u5165\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u7684\u6309\u952e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u548cmacOS High Sierra WindowServer\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  iOS \u003c11.3",
      "Apple macOS High Sierra \u003c10.13.4"
    ]
  },
  "referenceLink": "https://support.apple.com/HT208692",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-24",
  "title": "Apple iOS\u548cmacOS High Sierra WindowServer\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-4131 (GCVE-0-2018-4131)

Vulnerability from cvelistv5

Published

2018-04-03 06:00

Modified

2024-08-05 05:04

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.

References

URL

Tags

	https://support.apple.com/HT208692	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040604	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/103581	vdb-entry, x_refsource_BID
	https://twitter.com/boastr_net/status/979624397664333824	x_refsource_MISC
	https://support.apple.com/HT208693	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040608	vdb-entry, x_refsource_SECTRACK