CVE-2018-4172

EUVD-2018-15958
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
< 11.3
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/103578
http://www.securitytracker.com/id/1040604
https://support.apple.com/HT208693
http://www.securityfocus.com/bid/103578
http://www.securitytracker.com/id/1040604
https://support.apple.com/HT208693