Sign-up

ID

VAR-201209-0380


CVE

CVE-2012-3741


TITLE

Apple iOS 6 In the implementation of restrictions less than Apple ID Vulnerabilities that bypass the authentication step

Trust: 0.8

sources: JVNDB: JVNDB-2012-004547

DESCRIPTION

The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security-bypass vulnerability. Successful exploits can allow an attacker with physical access to a vulnerable device to perform unauthorized actions or obtain sensitive information. NOTE: This issue was previously discussed in BID 55612 (Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A vulnerability exists in Apple's implementation of Restrictions (aka Parental Controls) in versions prior to iOS 6

Trust: 1.98

sources: NVD: CVE-2012-3741 // JVNDB: JVNDB-2012-004547 // BID: 56260 // VULHUB: VHN-57022

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:5.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:6 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (iphone 3gs or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (ipod touch first 4 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:4.0.1-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:4.0.1-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:4.0-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:4.0-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iphone ipadscope:eqversion:3.2.1-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.2-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.2-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.1.3-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.1.3-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.1.2-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.1.2-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.1-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.1-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.0.1-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.0.1-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.0-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.0-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

sources: BID: 56260 // JVNDB: JVNDB-2012-004547 // CNNVD: CNNVD-201209-462 // NVD: CVE-2012-3741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3741
value: LOW

Trust: 1.0

NVD: CVE-2012-3741
value: LOW

Trust: 0.8

CNNVD: CNNVD-201209-462
value: LOW

Trust: 0.6

VULHUB: VHN-57022
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2012-3741
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57022
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57022 // JVNDB: JVNDB-2012-004547 // CNNVD: CNNVD-201209-462 // NVD: CVE-2012-3741

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-57022 // JVNDB: JVNDB-2012-004547 // NVD: CVE-2012-3741

THREAT TYPE

local

Trust: 0.9

sources: BID: 56260 // CNNVD: CNNVD-201209-462

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201209-462

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004547

PATCH
title:APPLE-SA-2012-09-19-1url:http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-004547

EXTERNAL IDS
db:NVDid:CVE-2012-3741
Trust: 2.8
db:JVNDBid:JVNDB-2012-004547
Trust: 0.8
db:CNNVDid:CNNVD-201209-462
Trust: 0.7
db:APPLEid:APPLE-SA-2012-09-19-1
Trust: 0.6
db:BIDid:56260
Trust: 0.4
db:VULHUBid:VHN-57022
Trust: 0.1
sources:
            
            
            VULHUB: VHN-57022 // 
            
            
            
            BID: 56260 // 
            
            
            
            JVNDB: JVNDB-2012-004547 // 
            
            
            
            CNNVD: CNNVD-201209-462 // 
            
            
            
            NVD: CVE-2012-3741

REFERENCES
url:http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html
Trust: 1.7
url:http://support.apple.com/kb/ht5503
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/78721
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3741
Trust: 0.8
url:http://jvn.jp/cert/jvnvu624491/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3741
Trust: 0.8
url:http://www.apple.com/iphone/softwareupdate/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-57022 // 
            
            
            
            BID: 56260 // 
            
            
            
            JVNDB: JVNDB-2012-004547 // 
            
            
            
            CNNVD: CNNVD-201209-462 // 
            
            
            
            NVD: CVE-2012-3741

CREDITS
Kevin Makens of Redwood High School
Trust: 0.3
sources:
            
            
            BID: 56260

SOURCES
db:VULHUBid:VHN-57022
db:BIDid:56260
db:JVNDBid:JVNDB-2012-004547
db:CNNVDid:CNNVD-201209-462
db:NVDid:CVE-2012-3741

LAST UPDATE DATE
2025-04-11T21:21:06.608000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-57022date:2017-08-29T00:00:00
db:BIDid:56260date:2015-03-19T09:16:00
db:JVNDBid:JVNDB-2012-004547date:2012-09-24T00:00:00
db:CNNVDid:CNNVD-201209-462date:2012-09-24T00:00:00
db:NVDid:CVE-2012-3741date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-57022date:2012-09-20T00:00:00
db:BIDid:56260date:2012-09-19T00:00:00
db:JVNDBid:JVNDB-2012-004547date:2012-09-24T00:00:00
db:CNNVDid:CNNVD-201209-462date:2012-09-24T00:00:00
db:NVDid:CVE-2012-3741date:2012-09-20T21:55:04.297