5
CVE-2012-3749
- EPSS 2.23%
- Veröffentlicht 03.11.2012 17:55:01
- Zuletzt bearbeitet 16.06.2026 23:43:51
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.23% | 0.805 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html
http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html
http://support.apple.com/kb/HT5567
http://secunia.com/advisories/51445
http://support.apple.com/kb/HT5598
http://www.securityfocus.com/bid/56361