CVE-2018-4131 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2018-4131

CWE

https://cwe.mitre.org/data/definitions/.html

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the WindowServer component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.

Affected Software

Name	Vendor	Start Version	End Version
Iphone_os	Apple	*	11.3 (excluding)
Mac_os_x	Apple	*	10.13.4 (excluding)

References

http://www.securityfocus.com/bid/103581
http://www.securitytracker.com/id/1040604
http://www.securitytracker.com/id/1040608
https://support.apple.com/HT208692
https://support.apple.com/HT208693
https://twitter.com/boastr_net/status/979624397664333824
http://www.securityfocus.com/bid/103581
http://www.securitytracker.com/id/1040604
http://www.securitytracker.com/id/1040608
https://support.apple.com/HT208692
https://support.apple.com/HT208693
https://twitter.com/boastr_net/status/979624397664333824