Vulnerabilities > CVE-2011-3442 - Resource Management Errors vulnerability in Apple Iphone OS

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

apple

CWE-399

NVD

Published: 2011-11-11

Updated: 2012-02-15

Summary

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. Per: http://support.apple.com/kb/HT5052 'This issue does not affect devices running iOS prior to version 4.3.'

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple Iphone OS 4.3.0 Apple Iphone OS 4.3.1 Apple Iphone OS 4.3.2 Apple Iphone OS 4.3.3 Apple Iphone OS 4.3.4 Apple Iphone OS 4.3.5 Apple Iphone OS 5.0	12

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Seebug

bulletinFamily	exploit
description	CVE ID：CVE-2011-3442 Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 mmap系统调用对合法标记组合检查存在逻辑错误，此问题可导致绕过代码签名检查。 Apple iOS 5.x for iPhone 3GS and later Apple iOS for iPod touch 5.x 厂商解决方案用户可参考如下供应商提供的安全公告获得补丁信息： http://support.apple.com/kb/HT5052
id	SSV:23208
last seen	2017-11-19
modified	2011-11-17
published	2011-11-17
reporter	Root
title	Apple iOS代码签名检查漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Seebug

References