CVE-2011-3442 - Resource Management Errors vulnerability in Apple Iphone OS

Publication

2011-11-11

Last modification

2012-02-15

Summary

Per: http://support.apple.com/kb/HT5052 'This issue does not affect devices running iOS prior to version 4.3.'

Description

Apple iOS is prone to a security-bypass vulnerability that affects the code signing security feature. Attackers can exploit this issue by enticing an unsuspecting user to install a specially crafted application on the affected device. Successful exploits will allow attackers to bypass certain security restrictions and execute arbitrary code on the affected device. Apple iOS 4.3 through 5.0 are vulnerable.

Solution

Updates are available. Please see the references for more information.

Exploit

An attacker must trick a victim into installing a malicious application to exploit this issue. A video demonstrating the issue is available. This exploit is not otherwise known to be public or circulating in the wild.

Classification

CWE-399 - Resource Management Errors

Risk level (CVSS AV:L/AC:L/Au:N/C:C/I:C/A:C)

High

7.2

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor    Product      Versions
Apple     Iphone OS    4.3.0, 4.3.5, 4.3.1, 5.0, 4.3.4, 4.3.2, 4.3.3