Vulnerability Description
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 6.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html
- http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
- http://secunia.com/advisories/51445
- http://support.apple.com/kb/HT5567Vendor Advisory
- http://support.apple.com/kb/HT5598
- http://www.securityfocus.com/bid/56361
- http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html
- http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
- http://secunia.com/advisories/51445
- http://support.apple.com/kb/HT5567Vendor Advisory
- http://support.apple.com/kb/HT5598
- http://www.securityfocus.com/bid/56361
FAQ
What is CVE-2012-3749?
CVE-2012-3749 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASL...
How severe is CVE-2012-3749?
CVE-2012-3749 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3749?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.