cnvd - cnvd-2018-26503

cnvd-2018-26503

Vulnerability from cnvd

Title

Apple iOS Messages UI欺骗漏洞

Description

Apple iOS是美国苹果（Apple）公司为移动设备所开发的一套操作系统。Messages是其中的一个用于发送的文本、照片和视频的应用程序组件。 Apple iOS 12.1之前版本中的Messages组件存在安全漏洞。攻击者可借助特制的文本消息利用该漏洞伪造UI。

Severity

中

Patch Name

Apple iOS Messages UI欺骗漏洞的补丁

Patch Description

Apple iOS是美国苹果（Apple）公司为移动设备所开发的一套操作系统。Messages是其中的一个用于发送的文本、照片和视频的应用程序组件。 Apple iOS 12.1之前版本中的Messages组件存在安全漏洞。攻击者可借助特制的文本消息利用该漏洞伪造UI。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT209192

Reference

https://support.apple.com/zh-cn/HT209192

Impacted products

Name
Apple iOS <12.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4391",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4391"
    }
  },
  "description": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Messages\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7684\u6587\u672c\u3001\u7167\u7247\u548c\u89c6\u9891\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec4\u4ef6\u3002\n\nApple iOS 12.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684Messages\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u672c\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020UI\u3002",
  "discovererName": "Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT209192",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-26503",
  "openTime": "2018-12-26",
  "patchDescription": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Messages\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7684\u6587\u672c\u3001\u7167\u7247\u548c\u89c6\u9891\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 12.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684Messages\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u672c\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020UI\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS Messages UI\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple  iOS \u003c12.1"
  },
  "referenceLink": "https://support.apple.com/zh-cn/HT209192",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-22",
  "title": "Apple iOS Messages UI\u6b3a\u9a97\u6f0f\u6d1e"
}

CVE-2018-4391 (GCVE-0-2018-4391)

Vulnerability from cvelistv5

Published

2020-10-27 19:19

Modified

2024-08-05 05:11

Severity ?

CWE

Processing a maliciously crafted text message may lead to UI spoofing

Summary

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.

References

URL

Tags

	https://support.apple.com/en-us/HT209192	x_refsource_MISC
	https://support.apple.com/en-us/HT208221	x_refsource_MISC
	https://support.apple.com/en-us/HT208696	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

macOS

Version: unspecified < 10.13

	Apple	macOS	Version: unspecified < 4.3
	Apple	macOS	Version: unspecified < 12.1

Show details on NVD website