An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the Mail component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.
Weakness
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Iphone_os | Apple | * | 11.4 (excluding) |
| Mac_os_x | Apple | * | 10.13.5 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/117.html
- https://cwe.mitre.org/data/definitions/383.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/65.html
References
- http://www.securityfocus.com/bid/104897
- http://www.securitytracker.com/id/1041027
- https://efail.de/#cve
- https://support.apple.com/HT208848
- https://support.apple.com/HT208849
- http://www.securityfocus.com/bid/104897
- http://www.securitytracker.com/id/1041027
- https://efail.de/#cve
- https://support.apple.com/HT208848
- https://support.apple.com/HT208849