cvelistv5 - CVE-2011-3442

CVE-2011-3442 (GCVE-0-2011-3442)

Vulnerability from cvelistv5

Published

2011-11-11 18:00

Modified

2024-08-06 23:37

Severity ?

CWE

Summary

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2011-3442

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

Aliases

CVE-2011-3442

Aliases

CVE-2011-3442

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3442",
    "description": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.",
    "id": "GSD-2011-3442"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3442"
      ],
      "details": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.",
      "id": "GSD-2011-3442",
      "modified": "2023-12-13T01:19:09.919145Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2011-3442",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1026287",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1026287"
          },
          {
            "name": "APPLE-SA-2011-11-10-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT5052",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5052"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:-:ipad:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2011-3442"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT5052",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT5052"
            },
            {
              "name": "APPLE-SA-2011-11-10-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html"
            },
            {
              "name": "1026287",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1026287"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2012-02-15T04:10Z",
      "publishedDate": "2011-11-11T18:55Z"
    }
  }
}

ghsa-44vf-h2q2-97cq

Vulnerability from github

Published

2022-05-17 05:33

Modified

2022-05-17 05:33

Details

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3442"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-11-11T18:55:00Z",
    "severity": "HIGH"
  },
  "details": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.",
  "id": "GHSA-44vf-h2q2-97cq",
  "modified": "2022-05-17T05:33:29Z",
  "published": "2022-05-17T05:33:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3442"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5052"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026287"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2011-3442

Vulnerability from fkie_nvd

Published

2011-11-11 18:55

Modified

2025-04-11 00:51

Severity ?

Summary

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT5052	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id?1026287
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5052	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026287

Impacted products

Vendor	Product	Version
apple	iphone_os	4.3.0
apple	iphone_os	4.3.1
apple	iphone_os	4.3.2
apple	iphone_os	4.3.3
apple	iphone_os	4.3.4
apple	iphone_os	4.3.5
apple	iphone_os	4.3.5
apple	iphone_os	4.3.5
apple	iphone_os	5.0
apple	iphone_os	5.0
apple	iphone_os	5.0
apple	iphone_os	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF21ABCB-7CAC-467F-A6B6-06AC2E5CB5EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A01C87-B02A-4239-8340-B396D0E6B21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
              "matchCriteriaId": "396634C5-774C-4131-B927-3CAD239EF0B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "64FF0F29-B3C2-4BDC-89FF-DBEDE87D64A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06980521-B0EA-434D-89AD-A951EAF1D23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:5.0:-:ipad:*:*:*:*:*",
              "matchCriteriaId": "10A0C8B7-D7E0-4CE7-AB4D-FE7AD74B8E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:5.0:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "7313FB15-4EF4-4775-BBE3-B46E803BE5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:5.0:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "E643CBB2-E0B3-4E5A-B99D-A15D6874A52B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app."
    },
    {
      "lang": "es",
      "value": "El kernel en Apple iOS anterior a v5.0.1 no asegura la validez de las combinaciones de indicadores de una llamada al sistema mmap, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario sin firmar  a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "evaluatorImpact": "Per: http://support.apple.com/kb/HT5052\r\n\r\n\u0027This issue does not affect devices running iOS prior to version 4.3.\u0027",
  "id": "CVE-2011-3442",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-11T18:55:01.333",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5052"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id?1026287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026287"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. Apple iOS is prone to a security-bypass vulnerability that affects the code signing security feature. Attackers can exploit this issue by enticing an unsuspecting user to install a specially crafted application on the affected device. Successful exploits will allow attackers to bypass certain security restrictions and execute arbitrary code on the affected device. Apple iOS 4.3 through 5.0 are vulnerable.

NOTE: This vulnerability only affects iPad 2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

iOS 5.0.1 Software Update is now available and addresses the following:

CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook

CoreGraphics Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2 Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. CVE-ID CVE-2011-3439 : Apple

Data Security Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.

Kernel Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2 Impact: An application may execute unsigned code Description: A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3. CVE-ID CVE-2011-3442 : Charlie Miller of Accuvant Labs

libinfo Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in libinfo's handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of Blocket AB

Passcode Lock Available for: iOS 4.3 through 5.0 for iPad 2 Impact: A person with physical access to a locked iPad 2 may be able to access some of the user's data Description: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched. CVE-ID CVE-2011-3440

Installation note:

This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "5.0.1 (9A405)".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQEcBAEBAgAGBQJOuxWjAAoJEGnF2JsdZQeeYkAH/1Yz7Y7kSrJKjNeGyxLpliM8 1r33Xu0r6+WJgrjq1Ym4S6Yz1SJvz6uyvt8yLlKMxQHpYxmTjoToVbzvCvr81Kam tpXhpfihRtwzSDEJAV7jRShtylVwoTIfUBTp982eun+2PrJmHI3P070pgCjUiT/C 63O4sen+K0hhT2cJxzWYsw1hmXv8OAmy+snUOh44ovMEa10KrpOqxr6sjrSfBbpU gHyD1BOVB5VPUWSpj+R9/Eji634StaPkmy1yp+iv926MpGMGYT8mB07ec4MP4C78 b7ZaKzmhZILikMR6+fiOUWIZJQ0M8TYzyMol15DP/5mnXiHr46eZvsqWeAuvsok= =RjAe -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs:

http://secunia.com/resources/events/sc_2011/

TITLE: Apple iOS Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA46747

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46747/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46747

RELEASE DATE: 2011-11-11

DISCUSS ADVISORY: http://secunia.com/advisories/46747/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/46747/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=46747

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to disclose certain sensitive information, conduct spoofing attacks, and compromise a user's device.

1) An error within the CFNetwork component when handling URLs can be exploited to redirect a user to an incorrect server.

This is related to vulnerability #4 in: SA46377

2) Multiple errors within the CoreGraphics component when handling FreeType fonts can be exploited to corrupt memory.

Successful exploitation of this vulnerability requires that the user is tricked into installing a malicious App.

4) An error within libinfo when handling DNS name lookups can be exploited to spoof lookups.

PROVIDED AND/OR DISCOVERED BY: 2) Reported by the vendor.

The vendor credits: 1) Erling Ellingsen, Facebook. 3) Charlie Miller, Accuvant Labs. 4) Erling Ellingsen, Facebook and Per Johansson, Blocket AB.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5052

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201111-0225",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.0 to  5.0 (iphone 3gs"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "iphone 4 and  iphone 4s for )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1 to  5.0 (ipod touch (3rd generation) after )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.2 to  5.0 (ipad for )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.3 to  5.0 (ipad 2 for )"
      },
      {
        "model": "ipad",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "50575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipad",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipod_touch",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Charlie Miller",
    "sources": [
      {
        "db": "BID",
        "id": "50575"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3442",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2011-3442",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-51387",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3442",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3442",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201111-239",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51387",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. Apple iOS is prone to a security-bypass vulnerability that affects the code signing security feature. \nAttackers can exploit this issue by enticing an unsuspecting user to  install a specially crafted  application on the affected device. \nSuccessful exploits will allow attackers to bypass certain security restrictions and execute arbitrary code on the affected device. \nApple iOS 4.3 through 5.0 are vulnerable. \n\nNOTE: This vulnerability only affects iPad 2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update\n\niOS 5.0.1 Software Update is now available and addresses the\nfollowing:\n\nCFNetwork\nAvailable for:  iOS 3.0 through 5.0 for iPhone 3GS,\niPhone 4 and iPhone 4S,\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription:  An issue existed in CFNetwork\u0027s handling of maliciously\ncrafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL,\nCFNetwork could navigate to an incorrect server. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCoreGraphics\nAvailable for:  iOS 3.0 through 5.0 for iPhone 3GS,\niPhone 4 and iPhone 4S,\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\nImpact:  Viewing a document containing a maliciously crafted font may\nlead to arbitrary code execution\nDescription:  Multiple memory corruption issues existed in FreeType,\nthe most serious of which may lead to arbitrary code execution when\nprocessing a maliciously crafted font. \nCVE-ID\nCVE-2011-3439 : Apple\n\nData Security\nAvailable for:  iOS 3.0 through 5.0 for iPhone 3GS,\niPhone 4 and iPhone 4S,\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\nImpact:  An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription:  Two certificate authorities in the list of trusted root\ncertificates have independently issued intermediate certificates to\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\nweak keys that it is unable to revoke. An attacker with a privileged\nnetwork position could intercept user credentials or other sensitive\ninformation intended for a site with a certificate issued by DigiCert\nMalaysia. This issue is addressed by configuring default system trust\nsettings so that DigiCert Malaysia\u0027s certificates are not trusted. We\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\nthis issue. \n\nKernel\nAvailable for:  iOS 3.0 through 5.0 for iPhone 3GS,\niPhone 4 and iPhone 4S,\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\nImpact:  An application may execute unsigned code\nDescription:  A logic error existed in the mmap system call\u0027s\nchecking of valid flag combinations. This issue may lead to a bypass\nof codesigning checks. This issue does not affect devices running\niOS prior to version 4.3. \nCVE-ID\nCVE-2011-3442 : Charlie Miller of Accuvant Labs\n\nlibinfo\nAvailable for:  iOS 3.0 through 5.0 for iPhone 3GS,\niPhone 4 and iPhone 4S,\niOS 3.1 through 5.0 for iPod touch (3rd generation) and later,\niOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2\nImpact:  Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription:  An issue existed in libinfo\u0027s handling of DNS name\nlookups. When resolving a maliciously crafted hostname, libinfo could\nreturn an incorrect result. \nCVE-ID\nCVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of\nBlocket AB\n\nPasscode Lock\nAvailable for:  iOS 4.3 through 5.0 for iPad 2\nImpact:  A person with physical access to a locked iPad 2 may be able\nto access some of the user\u0027s data\nDescription:  When a Smart Cover is opened while iPad 2 is confirming\npower off in the locked state, the iPad does not request a passcode. \nThis allows some access to the iPad, but data protected by Data\nProtection is inaccessible and apps cannot be launched. \nCVE-ID\nCVE-2011-3440\n\nInstallation note:\n\nThis update is only available through iTunes, and will not appear\nin your computer\u0027s Software Update application, or in the Apple\nDownloads site. Make sure you have an Internet connection and have\ninstalled the latest version of iTunes from www.apple.com/itunes/\n\niTunes will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it will download it. When\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\nuser with the option to install the update. We recommend applying\nthe update immediately if possible. Selecting Don\u0027t Install will\npresent the option the next time you connect your iPhone, iPod touch,\nor iPad. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes checks for updates. You may manually obtain the\nupdate via the Check for Updates button within iTunes. After doing\nthis, the update can be applied when your iPhone, iPod touch, or iPad\nis docked to your computer. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update will be\n\"5.0.1 (9A405)\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuxWjAAoJEGnF2JsdZQeeYkAH/1Yz7Y7kSrJKjNeGyxLpliM8\n1r33Xu0r6+WJgrjq1Ym4S6Yz1SJvz6uyvt8yLlKMxQHpYxmTjoToVbzvCvr81Kam\ntpXhpfihRtwzSDEJAV7jRShtylVwoTIfUBTp982eun+2PrJmHI3P070pgCjUiT/C\n63O4sen+K0hhT2cJxzWYsw1hmXv8OAmy+snUOh44ovMEa10KrpOqxr6sjrSfBbpU\ngHyD1BOVB5VPUWSpj+R9/Eji634StaPkmy1yp+iv926MpGMGYT8mB07ec4MP4C78\nb7ZaKzmhZILikMR6+fiOUWIZJQ0M8TYzyMol15DP/5mnXiHr46eZvsqWeAuvsok=\n=RjAe\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSC World Congress, New York, USA, 16 November 2011\nVisit the Secunia booth (#203) and discover how you can improve your handling of third party programs:\n\nhttp://secunia.com/resources/events/sc_2011/ \n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46747\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46747/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46747\n\nRELEASE DATE:\n2011-11-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46747/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46747/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46747\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple iOS, which can\nbe exploited by malicious people to disclose certain sensitive\ninformation, conduct spoofing attacks, and compromise a user\u0027s\ndevice. \n\n1) An error within the CFNetwork component when handling URLs can be\nexploited to redirect a user to an incorrect server. \n\nThis is related to vulnerability #4 in:\nSA46377\n\n2) Multiple errors within the CoreGraphics component when handling\nFreeType fonts can be exploited to corrupt memory. \n\nSuccessful exploitation of this vulnerability requires that the user\nis tricked into installing a malicious App. \n\n4) An error within libinfo when handling DNS name lookups can be\nexploited to spoof lookups. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) Reported by the vendor. \n\nThe vendor credits:\n1) Erling Ellingsen, Facebook. \n3) Charlie Miller, Accuvant Labs. \n4) Erling Ellingsen, Facebook and Per Johansson, Blocket AB. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT5052\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "db": "BID",
        "id": "50575"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "db": "PACKETSTORM",
        "id": "106874"
      },
      {
        "db": "PACKETSTORM",
        "id": "106986"
      },
      {
        "db": "PACKETSTORM",
        "id": "106896"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3442",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1026287",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "46836",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "46747",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "18170",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "18172",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-11-10-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "50575",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-51387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106874",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106986",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "106896",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "db": "BID",
        "id": "50575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "db": "PACKETSTORM",
        "id": "106874"
      },
      {
        "db": "PACKETSTORM",
        "id": "106986"
      },
      {
        "db": "PACKETSTORM",
        "id": "106896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "id": "VAR-201111-0225",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51387"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:33:02.647000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT5052",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5052"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://support.apple.com/kb/ht5052"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011/nov/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1026287"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3442"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu988283"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3442"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46747"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46836"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18172"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18170"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/resources/events/sc_2011/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46836/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46836"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46836/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3441"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3246"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3439"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3442"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46747"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46747/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46747/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "db": "BID",
        "id": "50575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "db": "PACKETSTORM",
        "id": "106874"
      },
      {
        "db": "PACKETSTORM",
        "id": "106986"
      },
      {
        "db": "PACKETSTORM",
        "id": "106896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "db": "BID",
        "id": "50575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "db": "PACKETSTORM",
        "id": "106874"
      },
      {
        "db": "PACKETSTORM",
        "id": "106986"
      },
      {
        "db": "PACKETSTORM",
        "id": "106896"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "date": "2011-11-07T00:00:00",
        "db": "BID",
        "id": "50575"
      },
      {
        "date": "2011-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "date": "2011-11-11T04:46:32",
        "db": "PACKETSTORM",
        "id": "106874"
      },
      {
        "date": "2011-11-15T05:08:20",
        "db": "PACKETSTORM",
        "id": "106986"
      },
      {
        "date": "2011-11-12T02:51:34",
        "db": "PACKETSTORM",
        "id": "106896"
      },
      {
        "date": "2011-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      },
      {
        "date": "2011-11-11T18:55:01.333000",
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51387"
      },
      {
        "date": "2011-11-15T00:51:00",
        "db": "BID",
        "id": "50575"
      },
      {
        "date": "2011-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      },
      {
        "date": "2011-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      },
      {
        "date": "2024-11-21T01:30:31.020000",
        "db": "NVD",
        "id": "CVE-2011-3442"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS Arbitrary kernel unsigned code execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002840"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-239"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2011-AVI-634

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été corrigées dans Apple iOS. L'une d'entre elles permet d'exécuter du code arbitraire.

Description

Plusieurs vulnérabilités ont été corrigées dans Apple iOS. Les composants suivants ont été mis à jour :

CFNetwork ;
CoreGraphics ;
Gestion des certificats racines ;
Kernel ;
Libinfo ;
Gestion du verrouillage.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions antérieures à la version 5.0.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-3442 (GCVE-0-2011-3442)

Vulnerability from cvelistv5

gsd-2011-3442

Vulnerability from gsd

ghsa-44vf-h2q2-97cq

Vulnerability from github

fkie_cve-2011-3442

Vulnerability from fkie_nvd

var-201111-0225

Vulnerability from variot

CERTA-2011-AVI-634

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature