|
|
|
|
| |
Credit:
The information has been provided by Mark Dowd,Anton Tsviatkou,Joost Pol and Daan Keuper ,Pinkie Pie.
|
| |
Vulnerable Systems:
* Apple iOS 6.0.1.
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes.
An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.
CVE Information:
CVE-2012-3750
CVE-2012-3749
CVE-2012-3748
CVE-2012-5112
Disclosure Timeline:
Published: November 01 2012
|
|
|
|
|
