Login Sign Up

CVE-2018-4428

7.1 HIGH

📋 TL;DR

CVE-2018-4428 is an iOS lock screen vulnerability that allowed attackers with physical access to a locked device to use the share function to potentially exfiltrate data. This affected iOS devices before version 12.1.1. The issue was mitigated by Apple restricting share options on locked devices.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • iPod touch
Versions: iOS versions before 12.1.1
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires physical access to a locked device. The vulnerability was present in default iOS configurations.

📦 What is this software?

Iphone Os by Apple

View all CVEs affecting Iphone Os →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with brief physical access could share sensitive photos, documents, or other data from the lock screen without authentication, potentially leading to data exfiltration or privacy violations.

🟠

Likely Case

Limited data exposure through opportunistic sharing of visible content from lock screen notifications or recent items, but requires physical device access and user interaction.

🟢

If Mitigated

With iOS 12.1.1 or later installed, the share function is properly restricted on locked devices, preventing unauthorized data sharing.

🌐 Internet-Facing: LOW - This is a local physical access vulnerability requiring attacker to have the device in hand.
🏢 Internal Only: MEDIUM - In environments where devices may be left unattended (offices, public spaces), this could enable opportunistic data theft by insiders or visitors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access to the device and knowledge of the vulnerability. No authentication bypass needed beyond having the locked device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 12.1.1

Vendor Advisory: https://support.apple.com/en-us/HT209340

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Tap General. 3. Tap Software Update. 4. Download and install iOS 12.1.1 or later. 5. Device will restart automatically.

🔧 Temporary Workarounds

Disable Lock Screen Access

ios

Disable lock screen access to notifications and widgets to reduce attack surface

Settings > Face ID & Passcode > Turn off 'Today View and Search', 'Notifications View', 'Control Center' while locked

Enable Auto-Lock

ios

Set shorter auto-lock timeout to reduce window of opportunity

Settings > Display & Brightness > Auto-Lock > Set to 30 seconds or less

🧯 If You Can't Patch

  • Implement strict physical security controls for iOS devices
  • Disable lock screen access to notifications and control center

🔍 How to Verify

Check if Vulnerable:

Check iOS version: Settings > General > About > Version. If version is earlier than 12.1.1, device is vulnerable.

Check Version:

Settings > General > About > Version

Verify Fix Applied:

After updating, verify iOS version is 12.1.1 or later. Test lock screen share functionality to confirm it's restricted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual share activities from lock screen (difficult to log)

Network Indicators:

  • Unexpected data transfers from iOS devices while locked

SIEM Query:

Not applicable - primarily physical security issue

📊 Metadata

CVE ID: CVE-2018-4428
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Published: October 27, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON