CVE-2018-5383

Summary

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Affected Software

VendorProductVersion RangeStatus
ApplemacOS10.13 High Sierra < 10.13.6affected
AppleiOS11 < 11.4affected
Android Open Source ProjectAndroidunspecified < 2018-06-05 patch levelaffected

Weaknesses

  • CWE-325: CWE-325

ADP Enrichment

CVE Program Container

Additional References

References