CVE-2011-1418
iPhone OS < 4.2 and Apple TV < 4.2 - User Tracking via IPv6 SLAAC MAC Address Exposure
Title source: llmDescription
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4565
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
Scores
EPSS
0.0146
EPSS Percentile
70.5%
Details
CWE
CWE-200
Status
published
Products (38)
apple/apple_tv
4.0
apple/iphone_os
1.0.0
apple/iphone_os
1.0.1
apple/iphone_os
1.0.2
apple/iphone_os
1.1.0
apple/iphone_os
1.1.1
apple/iphone_os
1.1.2
apple/iphone_os
1.1.3
apple/iphone_os
1.1.4
apple/iphone_os
1.1.5
... and 28 more
Published
Mar 11, 2011
Tracked Since
Feb 18, 2026