PROBLEM:
Apple iOS Bugs Let Local Users Gain Elevated Privileges
PLATFORM:
Version(s): prior to 6.1.3
ABSTRACT:
Several vulnerabilities were reported in Apple iOS
REFERENCE LINKS:
Apple security Article: HT1222
SecurityTracker Alert ID: 1028314
CVE-2013-0977
CVE-2013-0978
CVE-2013-0979
CVE-2013-0981
IMPACT ASSESSMENT:
High
DISCUSSION:
A local user can exploit a flaw in the handling of Mach-O executable files with overlapping segments to execute unsigned code on the target system [CVE-2013-0977].
A local user can exploit a flaw in the ARM prefetch abort handling to determine the address of structures in the kernel [CVE-2013-0978].
A local user can conduct a symlink attack on files restore by backup using Lockdown to modify permissions on target files [CVE-2013-0979].
A local user can exploit a flaw in the IOUSBDeviceFamily driver to execute arbitrary code with kernel level privileges [CVE-2013-0981].
IMPACT:
A local user can obtain elevated privileges on the target system.