CVE-2011-1418 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 49.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos Apple TV

Timeline

PublishedMar 11

Latest updateMay 14

Description

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDapple/tvos3.0.2+6

▶NVDapple/iphone_os4.2+29

▶NVDapple/apple_tv4.0

🔴Vulnerability Details

GHSA

GHSA-785p-4249-4jf9: The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4↗2022-05-14

▶

CVEList

CVE-2011-1418: The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4↗2011-03-11

▶