BID:104888

Apple macOS/watchOS/tvOS CVE-2018-4226 Local Authorization Bypass Vulnerability

CVE-2018-4226 |

Info

Apple macOS/watchOS/tvOS CVE-2018-4226 Local Authorization Bypass Vulnerability

Bugtraq ID:	104888
Class:	Design Error
CVE:	CVE-2018-4226
Remote:	No
Local:	Yes
Published:	Jul 23 2018 12:00AM
Updated:	Jul 23 2018 12:00AM
Credit:	Abraham Masri (@cheesecakeufo)
Vulnerable:	Apple watchOS 10.1.1 Apple watchOS 3.1.3 Apple watchOS 3.1.1 Apple watchOS 2.2.2 Apple watchOS 2.2.1 Apple watchOS 2.0.1 Apple watchOS 1.0.1 Apple watchOS 4.3 Apple watchOS 4.2.3 Apple watchOS 4.2.2 Apple watchOS 4.2 Apple watchOS 4.1 Apple watchOS 4 Apple watchOS 3.2.3 Apple watchOS 3.2.2 Apple watchOS 3.2.1 Apple watchOS 3.2 Apple watchOS 3.1 Apple watchOS 3.0 Apple watchOS 3 Apple watchOS 2.2 Apple watchOS 2.1 Apple watchOS 2.0 Apple watchOS 1.0 Apple Watch Hermes 0 Apple Watch Edition 0 Apple Watch 0 Apple tvOS 11.2.6 Apple tvOS 11.2.5 Apple tvOS 10.1.1 Apple tvOS 10.0.1 Apple tvOS 9.2.2 Apple tvOS 9.2.1 Apple tvOS 9.1.1 Apple tvOS 9.2 Apple tvOS 9.1 Apple tvOS 9.0 Apple tvOS 11.2.1 Apple tvOS 11.2 Apple tvOS 11.1 Apple tvOS 11 Apple tvOS 10.2.2 Apple tvOS 10.2.1 Apple tvOS 10.2 Apple tvOS 10.1 Apple tvOS 10 Apple TV 0 Apple macOS 10.13.4 Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0

Not Vulnerable:	Apple watchOS 4.3.1 Apple tvOS 11.4 Apple macOS 10.13.5

Discussion

Apple macOS/watchOS/tvOS CVE-2018-4226 Local Authorization Bypass Vulnerability

Apple macOS/watchOS/tvOS are prone to a local authorization-bypass vulnerability.

A local attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.

Solution / Fix

Apple macOS/watchOS/tvOS CVE-2018-4226 Local Authorization Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apple macOS/watchOS/tvOS CVE-2018-4226 Local Authorization Bypass Vulnerability

References: