Critical

CVE-2011-3430 - Unspecified vulnerability in Apple Iphone OS

Publication: 2011-10-14
Summary

The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.

Risk level (CVSS 9.3)

Critical

9.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Apple Iphone OS 3.0
  • Apple Iphone OS 3.1
  • Apple Iphone OS 3.1
  • Apple Iphone OS 3.1
  • Apple Iphone OS 3.1.2
  • Apple Iphone OS 3.1.3
  • Apple Iphone OS 3.2
  • Apple Iphone OS 3.2
  • Apple Iphone OS 3.2.1
  • Apple Iphone OS 3.2.1
  • Apple Iphone OS 3.2.2
  • Apple Iphone OS 4.0
  • Apple Iphone OS 4.0
  • Apple Iphone OS 4.0
  • Apple Iphone OS 4.0.1
  • Apple Iphone OS 4.0.1
  • Apple Iphone OS 4.0.1
  • Apple Iphone OS 4.0.2
  • Apple Iphone OS 4.1
  • Apple Iphone OS 4.2.1
  • Apple Iphone OS 4.2.5
  • Apple Iphone OS 4.2.8
  • Apple Iphone OS 4.3.0
  • Apple Iphone OS 4.3.1
  • Apple Iphone OS 4.3.2
  • Apple Iphone OS 4.3.3
  • Apple Iphone OS 4.3.5
  • Apple Iphone OS 4.3.5
  • Apple Iphone OS 4.3.5