CVE-2010-3830

iPhone OS < 4.1 - Privilege Escalation via Packet Filter Rule Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3830. PoCs published by Apple.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in Apple iOS by manipulating the `overload_tbl` field in the `DIOCADDRULE` ioctl handler to decrement arbitrary kernel memory, ultimately overwriting a syscall handler to achieve root privileges.

Description

Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Apple · textlocalios

https://www.exploit-db.com/exploits/35010

View Code ZIP pw:eip

This exploit leverages a local privilege escalation vulnerability in Apple iOS by manipulating the `overload_tbl` field in the `DIOCADDRULE` ioctl handler to decrement arbitrary kernel memory, ultimately overwriting a syscall handler to achieve root privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Apple iOS (versions affected by CVE-2010-3830)

No auth needed

Prerequisites: Local access to the device · Ability to execute arbitrary code on the device

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024772

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3046

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/63419

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42314

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT4456

Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Scores

EPSS 0.0069

EPSS Percentile 48.1%

Details

CWE

CWE-264

Status published

Products (29)

apple/iphone_os 1.0.0

apple/iphone_os 1.0.1

apple/iphone_os 1.0.2

apple/iphone_os 1.1.0

apple/iphone_os 1.1.1

apple/iphone_os 1.1.2

apple/iphone_os 1.1.3

apple/iphone_os 1.1.4

apple/iphone_os 1.1.5

apple/iphone_os 2.0

... and 19 more

Published Nov 26, 2010

Tracked Since Feb 18, 2026