CVE-2011-3431 - Information Leak / Disclosure vulnerability in Apple Iphone OS

Publication

2011-10-14

Last modification

2017-08-29

Summary

The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.

Description

Apple iOS is prone to an information-disclosure vulnerability.A local attacker can exploit this issue to retrieve the previous application's state. Information obtained may aid in further attacks.The following Apple systems are vulnerable: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPadNOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it.

Solution

Vendor updates are available. Please see the references for more information.

Exploit

An attacker requires local interactive access to exploit.

Classification

CWE-200 - Information Leak / Disclosure

Risk level (CVSS AV:L/AC:L/Au:N/C:P/I:N/A:N)

Low

2.1

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Apple Iphone OS  3.1.2 , 3.0 , 4.1 , 3.2 , 4.2.5 , 4.3.0 , 3.1.3 , 4.3.1 , 3.1 , 4.0.1 , 4.2.8 , 4.3.3 , 4.3.5 , 3.2.1 , 4.2.1 , 3.2.2 , 4.3.2 , 4.0.2 , 4.0