CVE-2011-3442 - Resource Management Errors vulnerability in Apple Iphone OS

Publication: 2011-11-11
Summary

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

Classification
CWE-399: Resource Management Errors

Risk level (CVSS 7.2)

High

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Apple Iphone OS 4.3.0
  • Apple Iphone OS 4.3.1
  • Apple Iphone OS 4.3.2
  • Apple Iphone OS 4.3.3
  • Apple Iphone OS 4.3.4
  • Apple Iphone OS 4.3.5
  • Apple Iphone OS 5.0