CVE-2011-1418

iPhone OS < 4.2 and Apple TV < 4.2 - User Tracking via IPv6 SLAAC MAC Address Exposure

Title source: llm
STIX 2.1

Description

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4565
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html

Scores

EPSS 0.0146
EPSS Percentile 70.5%

Details

CWE
CWE-200
Status published
Products (38)
apple/apple_tv 4.0
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1
apple/iphone_os 1.0.2
apple/iphone_os 1.1.0
apple/iphone_os 1.1.1
apple/iphone_os 1.1.2
apple/iphone_os 1.1.3
apple/iphone_os 1.1.4
apple/iphone_os 1.1.5
... and 28 more
Published Mar 11, 2011
Tracked Since Feb 18, 2026