Vulnerabilities > CVE-2013-0977 - Security Bypass vulnerability in Apple Iphone OS and Tvos
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.
Vulnerable Configurations
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 58586 CVE(CAN) ID: CVE-2013-0977 Apple iOS是由苹果公司开发的手持设备操作系统。 iPhone, iPod touch, iPad上使用的Apple iOS 6.1.3之前版本在处理带有重叠段的Mach-O可执行文件时存在状态管理问题,可导致攻击者绕过某些安全限制并在受影响设备上执行任意代码。 0 Apple iOS <= 6.1.3 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.apple.com/ |
| id | SSV:60701 |
| last seen | 2017-11-19 |
| modified | 2013-03-20 |
| published | 2013-03-20 |
| reporter | Root |
| title | Apple iPhone/iPad/iPod touch iOS 6.1.3之前版本安全绕过漏洞(CVE-2013-0977) |