CVE-2011-3442 - Resource Management Errors vulnerability in Apple Iphone OS
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. Per: http://support.apple.com/kb/HT5052 'This issue does not affect devices running iOS prior to version 4.3.'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 12 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
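description | CVE ID: CVE-2011-3442. Apple iOS is the latest operating system running on Apple iPhone and iPod touch devices. A logic error exists in the mmap system call's check of valid flag combinations; this issue can lead to a bypass of code signing checks. Apple iOS 5.x for iPhone 3GS and later; Apple iOS for iPod touch 5.x. Vendor solution: users can refer to the following vendor security advisory for patch information: http://support.apple.com/kb/HT5052 |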
id | SSV:23208 |
last seen | 2017-11-19 |
modified | 2011-11-17 |
published | 2011-11-17 |
reporter | Root |
title | Apple iOS code signing check vulnerability |