Vulnerability Description
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 6.1.2 |
| Apple | Tvos | <= 5.2.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.htmlVendor Advisory
- http://support.apple.com/kb/HT5702Vendor Advisory
- http://support.apple.com/kb/HT5704Vendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.htmlVendor Advisory
- http://support.apple.com/kb/HT5702Vendor Advisory
- http://support.apple.com/kb/HT5704Vendor Advisory
FAQ
What is CVE-2013-0978?
CVE-2013-0978 is a vulnerability with a CVSS score of 2.1 (LOW). The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to ...
How severe is CVE-2013-0978?
CVE-2013-0978 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0978?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Tvos.