Vulnerabilities > CVE-2010-0038 - Resource Management Errors vulnerability in Apple Iphone OS
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 38040 CVE ID: CVE-2010-0038 iPhone OS是苹果iPhone智能手机和iPod touch播放器所使用的操作系统。 在处理某些USB控制消息时存在内存破坏漏洞,能够物理访问设备的用户可以绕过通行码验证访问用户数据。 Apple iPhone OS 1.1 - 3.1.2 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com |
| id | SSV:19061 |
| last seen | 2017-11-19 |
| modified | 2010-02-04 |
| published | 2010-02-04 |
| reporter | Root |
| title | Apple iPhone OS USB控制消息信息泄露漏洞 |
References
- http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
- http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
- http://osvdb.org/62128
- http://osvdb.org/62128
- http://support.apple.com/kb/HT4013
- http://support.apple.com/kb/HT4013
- http://www.securityfocus.com/bid/38040
- http://www.securityfocus.com/bid/38040