CVE-2011-3432 - Resource Management Errors vulnerability in Apple Iphone OS

Publication

2011-10-14

Last modification

2017-08-29

Summary

The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.

Description

Apple iOS is prone to a denial-of-service vulnerability when handling specially crafted webpages. Attackers can exploit this issue to cause the device to hang, denying service to legitimate users. NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it.

Solution

Updates are available; please see the references for more information.

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-399 - Resource Management Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

Medium

5.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • None

Availability Impact

  • Partial

Affected Products

Vendor: Apple
Product: Iphone OS
Versions: 4.0, 3.2.2, 3.1.3, 4.0.1, 3.2.1, 4.3.3, 4.2.1, 4.3.2, 3.0, 4.0.2, 4.3.5, 4.2.5, 3.1, 4.2.8, 4.3.0, 4.1, 4.3.1, 3.2, 3.1.2