CVE-2018-4321

MEDIUM

iPhone OS < 12.0 - Entitlement Verification Bypass via Improper Input Validation

Title source: llm
STIX 2.1

Description

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209107
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209106
Vendor Advisory x_refsource_misc
https://support.apple.com/kb/HT209139

Scores

CVSS v3 5.3
EPSS 0.0132
EPSS Percentile 67.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-20
Status published
Products (3)
apple/iphone_os < 12.0
apple/mac_os_x < 10.14
apple/tvos < 12
Published Apr 03, 2019
Tracked Since Feb 18, 2026