CVE-2012-3749

iPhone OS < 6.0.1 - ASLR Bypass via Kernel Address Exposure in Extensions API

Title source: llm
STIX 2.1

Description

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56361
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51445
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5567
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5598

Scores

EPSS 0.0223
EPSS Percentile 80.7%

Details

CWE
CWE-200
Status published
Products (41)
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1
apple/iphone_os 1.0.2
apple/iphone_os 1.1.0
apple/iphone_os 1.1.1
apple/iphone_os 1.1.2
apple/iphone_os 1.1.3
apple/iphone_os 1.1.4
apple/iphone_os 1.1.5
apple/iphone_os 2.0
... and 31 more
Published Nov 03, 2012
Tracked Since Feb 18, 2026