CVE-2012-3749Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 34.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Iphone OS
Timeline
PublishedNov 3
Latest updateMay 17

Description

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/iphone_os6.0+40

🔴Vulnerability Details

1
GHSA
GHSA-pv3w-hvwc-hr63: The extensions APIs in the kernel in Apple iOS before 62022-05-17
CVE-2012-3749 — Sensitive Information Exposure in Apple | cvebase