CVE-2012-3749

Sažetak

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html
http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://secunia.com/advisories/51445
http://support.apple.com/kb/HT5567
http://support.apple.com/kb/HT5598
http://www.securityfocus.com/bid/56361

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-08-2013 - 06:47

Objavljeno

03-11-2012 - 17:55