CVE-2013-0978

Apple iOS <6.1.3 & Apple TV <5.2.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5702
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5704

Scores

EPSS 0.0035
EPSS Percentile 27.3%

Details

CWE
CWE-200
Status published
Products (30)
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1
apple/iphone_os 1.0.2
apple/iphone_os 1.1.0 (2 CPE variants)
apple/iphone_os 1.1.1
apple/iphone_os 1.1.2 (2 CPE variants)
apple/iphone_os 1.1.3 (2 CPE variants)
apple/iphone_os 1.1.4 (2 CPE variants)
apple/iphone_os 1.1.5 (2 CPE variants)
apple/iphone_os 2.0
... and 20 more
Published Mar 20, 2013
Tracked Since Feb 18, 2026