vulnerability

OS X security update for Bluetooth (CVE-2018-5383)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:A/AC:M/Au:N/C:P/I:P/A:N)	Jul 24, 2018	Jul 24, 2018	Aug 13, 2025

Severity

CVSS

(AV:A/AC:M/Au:N/C:P/I:P/A:N)

Published

Jul 24, 2018

Added

Jul 24, 2018

Modified

Aug 13, 2025

Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Solutions

apple-osx-security-update-2018-003apple-osx-upgrade-10_13_6apple-osx-upgrade-10_14

References

CVE-2018-5383
https://attackerkb.com/topics/CVE-2018-5383
CWE-325
CWE-347
URL-https://support.apple.com/kb/HT208849
URL-https://support.apple.com/kb/HT208937
URL-https://support.apple.com/kb/HT209139

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today