You are here

V-115: Apple iOS Bugs Let Local Users Gain Elevated Privileges

March 20, 2013 - 12:08am

Addthis

PROBLEM:

Apple iOS Bugs Let Local Users Gain Elevated Privileges

PLATFORM:

Version(s): prior to 6.1.3

ABSTRACT:

Several vulnerabilities were reported in Apple iOS

REFERENCE LINKS:

Apple security Article: HT1222
SecurityTracker Alert ID:  1028314
CVE-2013-0977
CVE-2013-0978
CVE-2013-0979
CVE-2013-0981
 

IMPACT ASSESSMENT:

High

DISCUSSION:

A local user can exploit a flaw in the handling of Mach-O executable files with overlapping segments to execute unsigned code on the target system [CVE-2013-0977].

A local user can exploit a flaw in the ARM prefetch abort handling to determine the address of structures in the kernel [CVE-2013-0978].

A local user can conduct a symlink attack on files restore by backup using Lockdown to modify permissions on target files [CVE-2013-0979].

A local user can exploit a flaw in the IOUSBDeviceFamily driver to execute arbitrary code with kernel level privileges [CVE-2013-0981].

IMPACT:

A local user can obtain elevated privileges on the target system.

SOLUTION:

The vendor has issued a fix (iOS 6.1.3)

Addthis