Vulnerability Description
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPhone OS | 4.3.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html (Vendor Advisory)
- http://support.apple.com/kb/HT5052 (Vendor Advisory)
- http://www.securitytracker.com/id?1026287
FAQ
What is CVE-2011-3442?
CVE-2011-3442 is a vulnerability with a CVSS score of 7.2 (HIGH). The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
How severe is CVE-2011-3442?
CVE-2011-3442 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-3442?
Check the references section above for vendor advisories and patch information. Affected products include: Apple iPhone OS.