Details of VAR-201209-0379

ID

VAR-201209-0379

CVE

CVE-2012-3740

TITLE

Apple iOS 6 Vulnerabilities that can bypass passcode requests in less than passcode lock implementations

Trust: 0.8

sources: JVNDB: JVNDB-2012-004546

DESCRIPTION

The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security-bypass vulnerability. Successful exploits can allow an attacker with physical access to a vulnerable device to perform unauthorized actions or obtain sensitive information NOTE: This issue was previously discussed in BID 55612 (Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A proximity attacker could exploit this vulnerability to bypass certain password requirements via an unidentified vector

Trust: 2.07

sources: NVD: CVE-2012-3740 // JVNDB: JVNDB-2012-004546 // BID: 56257 // VULHUB: VHN-57021 // VULMON: CVE-2012-3740

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	5.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone ipad	scope:	eq	version:	3.2.1-	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3

sources: BID: 56257 // JVNDB: JVNDB-2012-004546 // CNNVD: CNNVD-201209-461 // NVD: CVE-2012-3740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3740
value:	LOW
Trust: 1.0
NVD:	CVE-2012-3740
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201209-461
value:	LOW
Trust: 0.6
VULHUB:	VHN-57021
value:	LOW
Trust: 0.1
VULMON:	CVE-2012-3740
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-3740
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-57021
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57021 // VULMON: CVE-2012-3740 // JVNDB: JVNDB-2012-004546 // CNNVD: CNNVD-201209-461 // NVD: CVE-2012-3740

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-57021 // JVNDB: JVNDB-2012-004546 // NVD: CVE-2012-3740

THREAT TYPE

local

Trust: 0.9

sources: BID: 56257 // CNNVD: CNNVD-201209-461

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201209-461

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004546

PATCH

title:	APPLE-SA-2012-09-19-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004546

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3740	Trust: 2.9
db:	JVNDB	id:	JVNDB-2012-004546	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-461	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-09-19-1	Trust: 0.6
db:	BID	id:	56257	Trust: 0.5
db:	VULHUB	id:	VHN-57021	Trust: 0.1
db:	VULMON	id:	CVE-2012-3740	Trust: 0.1

sources: VULHUB: VHN-57021 // VULMON: CVE-2012-3740 // BID: 56257 // JVNDB: JVNDB-2012-004546 // CNNVD: CNNVD-201209-461 // NVD: CVE-2012-3740

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 2.1
url:	http://support.apple.com/kb/ht5503	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3740	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3740	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/56257	Trust: 0.1

sources: VULHUB: VHN-57021 // VULMON: CVE-2012-3740 // BID: 56257 // JVNDB: JVNDB-2012-004546 // CNNVD: CNNVD-201209-461 // NVD: CVE-2012-3740

CREDITS

Ian Vitek of 2Secure AB

Trust: 0.3

sources: BID: 56257

SOURCES

db:	VULHUB	id:	VHN-57021
db:	VULMON	id:	CVE-2012-3740
db:	BID	id:	56257
db:	JVNDB	id:	JVNDB-2012-004546
db:	CNNVD	id:	CNNVD-201209-461
db:	NVD	id:	CVE-2012-3740

LAST UPDATE DATE

2025-04-11T21:21:17.112000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57021	date:	2012-09-21T00:00:00
db:	VULMON	id:	CVE-2012-3740	date:	2012-09-21T00:00:00
db:	BID	id:	56257	date:	2012-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-004546	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-461	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3740	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57021	date:	2012-09-20T00:00:00
db:	VULMON	id:	CVE-2012-3740	date:	2012-09-20T00:00:00
db:	BID	id:	56257	date:	2012-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-004546	date:	2012-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201209-461	date:	2012-09-24T00:00:00
db:	NVD	id:	CVE-2012-3740	date:	2012-09-20T21:55:04.250