CVE-2018-4131

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.
References
Link Resource
https://twitter.com/boastr_net/status/979624397664333824 Third Party Advisory
https://support.apple.com/HT208693 Vendor Advisory
https://support.apple.com/HT208692 Vendor Advisory
http://www.securitytracker.com/id/1040608 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040604 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/103581 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Information

Published : 2018-04-02 23:29

Updated : 2019-10-02 17:03


NVD link : CVE-2018-4131

Mitre link : CVE-2018-4131


JSON object : View

Advertisement

dedicated server usa

Products Affected

apple

  • mac_os_x
  • iphone_os