PT-2018-3532 · Google+6 · Android+7

Eli Biham +1 · Published 2018-07-16 · Updated 2026-03-05 · CVE-2018-5383

CVSS v3.1: 8.0 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.13; iOS versions prior to 11.4; Android versions prior to the 2018-06-05 patch
Description: The issue is related to incorrect validation of cryptographic signatures in Bluetooth drivers for Android, macOS, and iOS operating systems. This can allow an attacker to perform a "man-in-the-middle" attack. The vulnerability is due to insufficient validation of elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Recommendations: For macOS versions prior to 10.13, update to version 10.13 or later. For iOS versions prior to 11.4, update to version 11.4 or later. For Android versions prior to the 2018-06-05 patch, apply the 2018-06-05 patch or later.
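
The description attributes the issue to insufficient validation of the elliptic curve public key received during the Diffie-Hellman exchange. The following is an added example, not code from any affected vendor: an on-curve check a receiver can run before using a peer key. It assumes NIST P-256 and a raw 64-byte X||Y key encoding; all function names are illustrative.

```python
# Added example: validate a peer ECDH public key before using it.
# Assumption: NIST P-256 (FIPS 186-4), y^2 = x^3 + A*x + B (mod P).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Base point, used here only as a known-good sample key.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


class InvalidPublicKey(ValueError):
    """The peer key must be rejected and the key exchange aborted."""


def validate_peer_key(x, y):
    """Raise InvalidPublicKey unless (x, y) is an affine point on P-256."""
    # Coordinates must be canonical field elements in [0, P).
    if not (0 <= x < P and 0 <= y < P):
        raise InvalidPublicKey("coordinate out of range")
    # The curve equation must hold for the received x AND y together.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPublicKey("point is not on the curve")
    # P-256 has cofactor 1 and the point at infinity has no affine
    # encoding, so no separate subgroup check is needed here.


def parse_and_validate(raw, byteorder="big"):
    """Split a raw 64-byte X||Y key (layout is an assumption) and check it."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes")
    x = int.from_bytes(raw[:32], byteorder)
    y = int.from_bytes(raw[32:], byteorder)
    validate_peer_key(x, y)
    return x, y


def is_valid(x, y):
    """Boolean wrapper for callers that prefer not to catch exceptions."""
    try:
        validate_peer_key(x, y)
        return True
    except InvalidPublicKey:
        return False


if __name__ == "__main__":
    print(is_valid(GX, GY))        # known-good point
    print(is_valid(GX, GY ^ 1))    # constructed: same x, altered y
```
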

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2020-03306
CESA-2019_2169
CVE-2018-5383
DLA-1747-1
OPENSUSE-SU-2019_0275-1
RHSA-2019:2169
RHSA-2019_2169
SUSE-SU-2019:0422-1
SUSE-SU-2019:0427-1
SUSE-SU-2019:0427-2
SUSE-SU-2019:0466-1
SUSE-SU-2019_0422-1
SUSE-SU-2019_0427-1
SUSE-SU-2019_0427-2
SUSE-SU-2019_0466-1
USN-4094-1
USN-4095-1
USN-4095-2
USN-4118-1
USN-4351-1

Affected Products

Android
Astra Linux
CentOS
Red Hat
SUSE
Ubuntu
iOS
Apple macOS