CVE-2018-4173

MEDIUM

iPhone OS < 11.3 and macOS < 10.13.4 - Unauthorized Microphone Access via Status Bar

Title source: llm
STIX 2.1

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208692
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208693

Scores

CVSS v3 5.5
EPSS 0.0070
EPSS Percentile 48.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-269
Status published
Products (2)
apple/iphone_os < 11.3
apple/mac_os_x < 10.13.4
Published Apr 13, 2018
Tracked Since Feb 18, 2026