Sign-up

ID

VAR-201111-0223


CVE

CVE-2011-3440


TITLE

Apple iOS of Passcode Lock Data access vulnerabilities in functionality

Trust: 0.8

sources: JVNDB: JVNDB-2011-002838

DESCRIPTION

The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. Apple iPad is prone to a local security-bypass vulnerability. An attacker with physical access to the affected device can exploit this issue to access user data not protected by Data Protection feature. Apple iOS 4.3 through 5.0 for iPad 2 are vulberable. Vulnerabilities exist in versions prior to Apple iOS 5.0.1 based on the iPad 2 platform. ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Apple iOS for iPad Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46836 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46836/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46836 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46836/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46836/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46836 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose certain sensitive information, conduct spoofing attacks, and compromise a user's device. SOLUTION: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5052 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2011-3440 // JVNDB: JVNDB-2011-002838 // BID: 50640 // VULHUB: VHN-51385 // PACKETSTORM: 106874

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:4.2.9

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.4

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:ipad2scope:eqversion:*

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:5.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iosscope:eqversion:4.3 to 5.0 (ipad 2 for )

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 0.6

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:neversion:5.0.1

Trust: 0.3

sources: BID: 50640 // JVNDB: JVNDB-2011-002838 // CNNVD: CNNVD-201111-237 // NVD: CVE-2011-3440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3440
value: LOW

Trust: 1.0

NVD: CVE-2011-3440
value: LOW

Trust: 0.8

CNNVD: CNNVD-201111-237
value: LOW

Trust: 0.6

VULHUB: VHN-51385
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2011-3440
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-51385
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51385 // JVNDB: JVNDB-2011-002838 // CNNVD: CNNVD-201111-237 // NVD: CVE-2011-3440

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-51385 // JVNDB: JVNDB-2011-002838 // NVD: CVE-2011-3440

THREAT TYPE

local

Trust: 0.9

sources: BID: 50640 // CNNVD: CNNVD-201111-237

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201111-237

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-002838

PATCH
title:HT5052url:http://support.apple.com/kb/HT5052
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-002838

EXTERNAL IDS
db:NVDid:CVE-2011-3440
Trust: 2.8
db:JVNDBid:JVNDB-2011-002838
Trust: 0.8
db:CNNVDid:CNNVD-201111-237
Trust: 0.7
db:SECUNIAid:46836
Trust: 0.7
db:APPLEid:APPLE-SA-2011-11-10-1
Trust: 0.6
db:NSFOCUSid:18172
Trust: 0.6
db:BIDid:50640
Trust: 0.4
db:VULHUBid:VHN-51385
Trust: 0.1
db:PACKETSTORMid:106874
Trust: 0.1
sources:
            
            
            VULHUB: VHN-51385 // 
            
            
            
            BID: 50640 // 
            
            
            
            JVNDB: JVNDB-2011-002838 // 
            
            
            
            PACKETSTORM: 106874 // 
            
            
            
            CNNVD: CNNVD-201111-237 // 
            
            
            
            NVD: CVE-2011-3440

REFERENCES
url:http://support.apple.com/kb/ht5052
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2011/nov/msg00001.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3440
Trust: 0.8
url:http://jvn.jp/cert/jvnvu988283
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3440
Trust: 0.8
url:http://secunia.com/advisories/46836
Trust: 0.6
url:http://www.nsfocus.net/vulndb/18172
Trust: 0.6
url:http://www.apple.com/ios/
Trust: 0.3
url:http://secunia.com/advisories/46836/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46836
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/resources/events/sc_2011/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/46836/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-51385 // 
            
            
            
            BID: 50640 // 
            
            
            
            JVNDB: JVNDB-2011-002838 // 
            
            
            
            PACKETSTORM: 106874 // 
            
            
            
            CNNVD: CNNVD-201111-237 // 
            
            
            
            NVD: CVE-2011-3440

CREDITS
Apple
Trust: 0.3
sources:
            
            
            BID: 50640

SOURCES
db:VULHUBid:VHN-51385
db:BIDid:50640
db:JVNDBid:JVNDB-2011-002838
db:PACKETSTORMid:106874
db:CNNVDid:CNNVD-201111-237
db:NVDid:CVE-2011-3440

LAST UPDATE DATE
2025-04-11T21:25:06.152000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-51385date:2011-11-15T00:00:00
db:BIDid:50640date:2011-11-10T00:00:00
db:JVNDBid:JVNDB-2011-002838date:2011-11-15T00:00:00
db:CNNVDid:CNNVD-201111-237date:2011-11-14T00:00:00
db:NVDid:CVE-2011-3440date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-51385date:2011-11-11T00:00:00
db:BIDid:50640date:2011-11-10T00:00:00
db:JVNDBid:JVNDB-2011-002838date:2011-11-15T00:00:00
db:PACKETSTORMid:106874date:2011-11-11T04:46:32
db:CNNVDid:CNNVD-201111-237date:2011-11-14T00:00:00
db:NVDid:CVE-2011-3440date:2011-11-11T18:55:01.240