Details of VAR-201209-0374

ID

VAR-201209-0374

CVE

CVE-2012-3735

TITLE

Apple iOS 6 Vulnerabilities that allow you to view third-party applications used in the implementation of less than passcode lock

Trust: 0.8

sources: JVNDB: JVNDB-2012-004528

DESCRIPTION

The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security weakness. An attacker with physical access to the affected device can exploit this issue to access user information. NOTE: This issue was previously discussed in BID 55612 (Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2012-3735 // JVNDB: JVNDB-2012-004528 // BID: 56270 // VULHUB: VHN-57016

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.8	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.3	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	5.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.2.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.2.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	1.1.5-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	1.1.5-	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	iphone ipad	scope:	eq	version:	3.2.1-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3

sources: BID: 56270 // JVNDB: JVNDB-2012-004528 // CNNVD: CNNVD-201209-456 // NVD: CVE-2012-3735

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3735
value:	LOW
Trust: 1.0
NVD:	CVE-2012-3735
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201209-456
value:	LOW
Trust: 0.6
VULHUB:	VHN-57016
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-3735
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57016
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57016 // JVNDB: JVNDB-2012-004528 // CNNVD: CNNVD-201209-456 // NVD: CVE-2012-3735

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-57016 // JVNDB: JVNDB-2012-004528 // NVD: CVE-2012-3735

THREAT TYPE

local

Trust: 0.9

sources: BID: 56270 // CNNVD: CNNVD-201209-456

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201209-456

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004528

PATCH

title:	APPLE-SA-2012-09-19-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004528

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3735	Trust: 2.8
db:	OSVDB	id:	85640	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004528	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-456	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-09-19-1	Trust: 0.6
db:	BID	id:	56270	Trust: 0.4
db:	VULHUB	id:	VHN-57016	Trust: 0.1

sources: VULHUB: VHN-57016 // BID: 56270 // JVNDB: JVNDB-2012-004528 // CNNVD: CNNVD-201209-456 // NVD: CVE-2012-3735

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5503	Trust: 1.7
url:	http://osvdb.org/85640	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78683	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3735	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3735	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-57016 // BID: 56270 // JVNDB: JVNDB-2012-004528 // CNNVD: CNNVD-201209-456 // NVD: CVE-2012-3735

CREDITS

Ian Vitek of 2Secure AB

Trust: 0.3

sources: BID: 56270

SOURCES

db:	VULHUB	id:	VHN-57016
db:	BID	id:	56270
db:	JVNDB	id:	JVNDB-2012-004528
db:	CNNVD	id:	CNNVD-201209-456
db:	NVD	id:	CVE-2012-3735

LAST UPDATE DATE

2025-04-11T20:30:52.023000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57016	date:	2017-08-29T00:00:00
db:	BID	id:	56270	date:	2015-03-19T08:46:00
db:	JVNDB	id:	JVNDB-2012-004528	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-456	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3735	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57016	date:	2012-09-20T00:00:00
db:	BID	id:	56270	date:	2012-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-004528	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-456	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3735	date:	2012-09-20T21:55:03.827