CVE-2011-3430 - Unspecified vulnerability in Apple Iphone OS

Publication

2011-10-14

Last modification

2017-08-29

Summary

The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.

Description

Apple iOS is prone to a security weakness that may result in improper display of configurations and settings when applied through configuration profiles. This weakness may cause unsuspecting users to set up unsafe configurations, resulting in a false sense of security. This may lead to other attacks.

Solution

The vendor has released an advisory and fixes. Please see the references for more information.

Exploit

A specific exploit is not required. Since configuration settings may be misconfigured, the device may be more susceptible to other attacks.

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor: Apple
Product: Iphone OS
Versions: 3.1.2, 3.0, 4.1, 3.2, 4.2.5, 4.3.0, 3.1.3, 4.3.1, 3.1, 4.0.1, 4.2.8, 4.3.3, 4.3.5, 3.2.1, 4.2.1, 3.2.2, 4.3.2, 4.0.2, 4.0