Details of VAR-201209-0377

ID

VAR-201209-0377

CVE

CVE-2012-3738

TITLE

Apple iOS 6 Vulnerability that bypasses access restrictions in less than passcode lock implementation

Trust: 0.8

sources: JVNDB: JVNDB-2012-004540

DESCRIPTION

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security weakness. An attacker with physical access to the affected device can exploit this issue to perform unauthorized actions and access user information. Note: This issue was previously discussed in BID 55612 (Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2012-3738 // JVNDB: JVNDB-2012-004540 // BID: 56276 // VULHUB: VHN-57019

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	5.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.3	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.5	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	5.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.2.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.2.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	2.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	1.1.5-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	2.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	1.1.5-	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	iphone ipad	scope:	eq	version:	3.2.1-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3

sources: BID: 56276 // JVNDB: JVNDB-2012-004540 // CNNVD: CNNVD-201209-459 // NVD: CVE-2012-3738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3738
value:	LOW
Trust: 1.0
NVD:	CVE-2012-3738
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201209-459
value:	LOW
Trust: 0.6
VULHUB:	VHN-57019
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-3738
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57019
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57019 // JVNDB: JVNDB-2012-004540 // CNNVD: CNNVD-201209-459 // NVD: CVE-2012-3738

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-57019 // JVNDB: JVNDB-2012-004540 // NVD: CVE-2012-3738

THREAT TYPE

local

Trust: 0.9

sources: BID: 56276 // CNNVD: CNNVD-201209-459

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201209-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004540

PATCH

title:	APPLE-SA-2012-09-19-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004540

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3738	Trust: 2.8
db:	OSVDB	id:	85620	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004540	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-459	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-09-19-1	Trust: 0.6
db:	BID	id:	56276	Trust: 0.4
db:	VULHUB	id:	VHN-57019	Trust: 0.1

sources: VULHUB: VHN-57019 // BID: 56276 // JVNDB: JVNDB-2012-004540 // CNNVD: CNNVD-201209-459 // NVD: CVE-2012-3738

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5503	Trust: 1.7
url:	http://osvdb.org/85620	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3738	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3738	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-57019 // BID: 56276 // JVNDB: JVNDB-2012-004540 // CNNVD: CNNVD-201209-459 // NVD: CVE-2012-3738

CREDITS

Ade Barkah of BlueWax Inc

Trust: 0.3

sources: BID: 56276

SOURCES

db:	VULHUB	id:	VHN-57019
db:	BID	id:	56276
db:	JVNDB	id:	JVNDB-2012-004540
db:	CNNVD	id:	CNNVD-201209-459
db:	NVD	id:	CVE-2012-3738

LAST UPDATE DATE

2025-04-11T20:38:04.496000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57019	date:	2013-03-26T00:00:00
db:	BID	id:	56276	date:	2015-03-19T09:14:00
db:	JVNDB	id:	JVNDB-2012-004540	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-459	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3738	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57019	date:	2012-09-20T00:00:00
db:	BID	id:	56276	date:	2012-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-004540	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-459	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3738	date:	2012-09-20T21:55:04.093