Details of VAR-201012-0047

ID

VAR-201012-0047

CVE

CVE-2010-4012

TITLE

Apple of iOS Vulnerable to password lock

Trust: 0.8

sources: JVNDB: JVNDB-2010-003300

DESCRIPTION

Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. Apple iPhone is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices. An attacker with physical access to a locked device can exploit this issue to bypass the passcode and make calls to numbers in the address book. The following iOS are vulnerable: iOS version 4.2 beta iOS version 4.1 iOS version 4.0

Trust: 1.98

sources: NVD: CVE-2010-4012 // JVNDB: JVNDB-2010-003300 // BID: 44419 // VULHUB: VHN-46617

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.6
vendor:	apple	model:	ios	scope:	eq	version:	4.0 to 4.1	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	4.2	Trust: 0.3

sources: BID: 44419 // JVNDB: JVNDB-2010-003300 // CNNVD: CNNVD-201012-101 // NVD: CVE-2010-4012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4012
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-4012
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201012-101
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-46617
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-4012
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-46617
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-46617 // JVNDB: JVNDB-2010-003300 // CNNVD: CNNVD-201012-101 // NVD: CVE-2010-4012

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-46617 // JVNDB: JVNDB-2010-003300 // NVD: CVE-2010-4012

THREAT TYPE

local

Trust: 0.9

sources: BID: 44419 // CNNVD: CNNVD-201012-101

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201012-101

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003300

PATCH

title:

HT4456

url:

http://support.apple.com/kb/HT4456

Trust: 0.8

sources: JVNDB: JVNDB-2010-003300

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4012	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-003300	Trust: 0.8
db:	CNNVD	id:	CNNVD-201012-101	Trust: 0.7
db:	BID	id:	44419	Trust: 0.4
db:	VULHUB	id:	VHN-46617	Trust: 0.1

sources: VULHUB: VHN-46617 // BID: 44419 // JVNDB: JVNDB-2010-003300 // CNNVD: CNNVD-201012-101 // NVD: CVE-2010-4012

REFERENCES

url:	http://support.apple.com/kb/ht4456	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4012	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4012	Trust: 0.8
url:	http://www.apple.com	Trust: 0.3
url:	http://www.engadget.com/2010/10/25/ios-4-1-glitch-lets-you-bypass-lock-screen-to-access-phone-app/	Trust: 0.3
url:	http://forums.macrumors.com/showthread.php?t=1035879	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.9to5mac.com/32147/make-calls-from-locked-iphone-4s	Trust: 0.3

sources: VULHUB: VHN-46617 // BID: 44419 // JVNDB: JVNDB-2010-003300 // CNNVD: CNNVD-201012-101 // NVD: CVE-2010-4012

CREDITS

jordand321

Trust: 0.3

sources: BID: 44419

SOURCES

db:	VULHUB	id:	VHN-46617
db:	BID	id:	44419
db:	JVNDB	id:	JVNDB-2010-003300
db:	CNNVD	id:	CNNVD-201012-101
db:	NVD	id:	CVE-2010-4012

LAST UPDATE DATE

2025-04-11T23:15:37.534000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-46617	date:	2010-12-09T00:00:00
db:	BID	id:	44419	date:	2010-12-10T15:44:00
db:	JVNDB	id:	JVNDB-2010-003300	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201012-101	date:	2010-12-10T00:00:00
db:	NVD	id:	CVE-2010-4012	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-46617	date:	2010-12-08T00:00:00
db:	BID	id:	44419	date:	2010-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2010-003300	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201012-101	date:	2010-12-10T00:00:00
db:	NVD	id:	CVE-2010-4012	date:	2010-12-08T20:00:01.887