CVE-2018-4355
Description
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A configuration issue in iOS and macOS allowed a local app to read a persistent account identifier, addressed with improved entitlements in iOS 12 and macOS Mojave 10.14.
Vulnerability
A configuration issue in the Accounts subsystem on iOS and macOS allowed a local app to read a persistent account identifier. This affected versions prior to iOS 12 and macOS Mojave 10.14 [1][2]. The issue was addressed with improved entitlements and additional restrictions.
Exploitation
An attacker would need to have a local app installed on the device. No special privileges or user interaction beyond installing the app is required. The app could then access the persistent account identifier without proper entitlement checks.
Impact
A malicious local app could read a persistent account identifier, leading to information disclosure of a unique identifier tied to the user's account. This could be used for tracking or profiling.
Mitigation
Apple released iOS 12 on September 17, 2018, and macOS Mojave 10.14 on September 24, 2018, which include the fix [1][2]. Users should update to these versions or later. No workaround is available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <12
- Range: <10.14
- Range: <12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- support.apple.com/kb/HT209106mitrex_refsource_MISC
- support.apple.com/kb/HT209139mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.