CVE-2012-3748 – (Mobile Pwn2Own) Apple Safari shiftCount/splice Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-3748
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array objects. When splicing a sparse array, the size of the sparse array is not properly validated. Note that the CVE summary classifies the bug as a race condition (CWE-362) while the advisory text above describes a missing size check on sparse-array splice; both descriptions are reproduced here as published. • https://www.exploit-db.com/exploits/28081 http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html http://archives.neohapsis.com/archives/bugtraq/2012-11/0013.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00003.html http://secunia.com/advisories/51445 http://support.apple.com/kb/HT5567 http://support.apple.co • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
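The operation named in the advisory, Array.prototype.splice on a sparse array, is exactly the kind of call an engine regression test should check against the specification rather than against itself. The following is an added example, not code from the advisory, the exploit or WebKit: it builds a reference model of splice from the ECMAScript algorithm (length clamping of start and deleteCount, holes preserved as holes, elements shifted) and compares the running engine against it over hand-picked and pseudo-random sparse arrays. Any divergence (wrong resulting length, a hole turned into a value, an element read from the wrong index) is the symptom a validation bug of this class would produce; the array sizes, fill patterns and seed are constructed here for illustration.

```javascript
// Reference model of an array: its length plus a Map of present index -> value.
// Holes are simply absent from the Map, matching the HasProperty checks in the
// ECMAScript splice algorithm.
function toModel(arr) {
  const slots = new Map();
  for (const i of Object.keys(arr)) slots.set(Number(i), arr[i]);
  return { length: arr.length, slots };
}

// Spec-faithful splice on the model: clamp start/deleteCount to the length,
// copy only present slots into the removed array, shift the tail, then write
// the inserted items. Returns { removed, result } as models.
function modelSplice(model, start, deleteCount, items) {
  const len = model.length;
  const s = start < 0 ? Math.max(len + start, 0) : Math.min(start, len);
  const dc = Math.min(Math.max(deleteCount, 0), len - s);
  const removed = { length: dc, slots: new Map() };
  for (let k = 0; k < dc; k++) {
    if (model.slots.has(s + k)) removed.slots.set(k, model.slots.get(s + k));
  }
  const result = { length: len - dc + items.length, slots: new Map() };
  for (const [i, v] of model.slots) {
    if (i < s) result.slots.set(i, v);
    else if (i >= s + dc) result.slots.set(i - dc + items.length, v);
  }
  items.forEach((v, k) => result.slots.set(s + k, v));
  return { removed, result };
}

// True when the engine's array has the same length and exactly the same
// present indices/values as the model (holes must stay holes).
function sameAsModel(arr, model) {
  if (arr.length !== model.length) return false;
  const keys = Object.keys(arr).map(Number);
  if (keys.length !== model.slots.size) return false;
  for (const i of keys) {
    if (!model.slots.has(i) || model.slots.get(i) !== arr[i]) return false;
  }
  return true;
}

// Construct a sparse array: `length` is large, only `filled` indices exist.
function makeSparse(length, filled) {
  const a = [];
  for (const i of filled) a[i] = i * 10;
  a.length = length;
  return a;
}

// Run one splice through the engine and the model; true if they agree on
// both the removed array and the mutated array.
function checkSplice(length, filled, start, deleteCount, items) {
  const arr = makeSparse(length, filled);
  const expected = modelSplice(toModel(arr), start, deleteCount, items);
  const removed = arr.splice(start, deleteCount, ...items);
  return sameAsModel(removed, expected.removed) && sameAsModel(arr, expected.result);
}

// Deterministic pseudo-random cases (LCG seed is arbitrary): lengths far
// larger than the number of stored elements, negative and out-of-range
// starts, deleteCounts beyond the end, and 0-3 inserted items.
// Returns the number of disagreements; a conforming engine returns 0.
function fuzzSplice(rounds) {
  let seed = 0x1234;
  const rnd = (n) => { seed = (Math.imul(seed, 1103515245) + 12345) >>> 0; return seed % n; };
  let failures = 0;
  for (let r = 0; r < rounds; r++) {
    const length = 1 + rnd(50000);
    const filled = new Set();
    for (let i = rnd(8); i > 0; i--) filled.add(rnd(length));
    const start = rnd(length + 10) - 5;
    const dc = rnd(length + 10);
    const items = Array.from({ length: rnd(4) }, (_, i) => 100 + i);
    if (!checkSplice(length, [...filled], start, dc, items)) failures++;
  }
  return failures;
}
```

The model is the oracle, so the check is only as good as its reading of the specification; keep `modelSplice` small and reviewable, and treat any nonzero `fuzzSplice` result as a bug in either the engine or the model until the specific case is replayed through `checkSplice` by hand.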
CVE-2012-3734
https://notcve.org/view.php?id=CVE-2012-3734
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85642 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78709 • CWE-310: Cryptographic Issues •
CVE-2012-3732
https://notcve.org/view.php?id=CVE-2012-3732
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85625 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78719 • CWE-310: Cryptographic Issues •
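The point of this entry is that a valid signature only vouches for the identity bound to the signing certificate, not for whatever the unauthenticated From header claims. The following is an added example, not Apple's code and not the advisory's: it parses a From header (including the trick of stuffing a second, trustworthy-looking address into the quoted display name), compares the address against the addresses bound to the verified signing certificate, and returns what a client should show. Certificate verification itself is out of scope, so the signer addresses are assumed to be passed in as a list (for a real cert they would come from the rfc822Name subjectAltName entries); the header values in the test are constructed.

```javascript
// Parse an RFC 5322 "From:" value into { display, addr }. Handles
// `"Display" <user@host>`, `Display <user@host>` and a bare `user@host`;
// returns null for anything else. Only the angle-addr is the real address:
// the display name is free text and may itself look like an address.
function parseFrom(headerValue) {
  const v = headerValue.trim();
  const angle = v.match(/^(.*?)\s*<([^<>\s]+@[^<>\s]+)>\s*$/);
  if (angle) {
    let display = angle[1].trim();
    if (display.length >= 2 && display.startsWith('"') && display.endsWith('"')) {
      display = display.slice(1, -1).replace(/\\(.)/g, '$1');
    }
    return { display, addr: angle[2] };
  }
  if (/^[^<>\s]+@[^<>\s]+$/.test(v)) return { display: '', addr: v };
  return null;
}

// Case-fold only the domain part; the local part is case-sensitive per RFC.
function normalizeAddr(addr) {
  const at = addr.lastIndexOf('@');
  return addr.slice(0, at) + '@' + addr.slice(at + 1).toLowerCase();
}

// Decide what sender identity to present for a message whose S/MIME
// signature verified under a certificate bound to `signerAddrs`.
//   signed      - From matches a certificate address: show it as signed
//   mismatch    - signature is valid but for a different identity: show the
//                 certificate identity and flag the claimed From address
//   unparseable - From header is not an address: show nothing as signed
// The vulnerable behaviour described in the advisory is to skip this
// comparison and display `from.addr` unconditionally.
function displayedSender(fromHeader, signerAddrs) {
  const from = parseFrom(fromHeader);
  if (!from) return { verdict: 'unparseable', signer: null, claimed: fromHeader };
  const signers = signerAddrs.map(normalizeAddr);
  if (signers.includes(normalizeAddr(from.addr))) {
    return { verdict: 'signed', signer: from.addr, claimed: from.addr };
  }
  return {
    verdict: 'mismatch',
    signer: signers[0] ?? null,
    claimed: from.addr,
    display: from.display,
  };
}
```

Note that the display name is never used in the decision; a client that renders only the display name (or renders it more prominently than the address) reintroduces the spoof even after the address comparison is fixed.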
CVE-2012-3729
https://notcve.org/view.php?id=CVE-2012-3729
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85627 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78724 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3744
https://notcve.org/view.php?id=CVE-2012-3744
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85622 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78687 •