CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%
The mobile device is running a version of iOS that is older than version 6.0.1. This version contains security-related fixes for the following issues :
Kernel extension API responses containing an ‘OSBundleMachOHeaders’ key may include kernel addresses, which can aid in further attacks.
(CVE-2012-3749)
The lock screen can provide ‘Passbook’ data to an attacker having physical device access but not a passcode. (CVE-2012-3750)
A time-of-check-to-time-of-use issue in the handling of JavaScript array in WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748)
A use-after-free issue in the handling of SVG images in WebKit code could lead to arbitrary, remote code execution. (CVE-2012-5112)
Binary data apple_ios_601_check.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5112
lists.apple.com/archives/security-announce/2012/Nov/msg00000.html
support.apple.com/en-us/HT201347