Sign-up

ID

VAR-201309-0418


CVE

CVE-2013-5158


TITLE

Apple iOS of Social Vulnerabilities that can capture important information in subsystems

Trust: 0.8

sources: JVNDB: JVNDB-2013-004249

DESCRIPTION

The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. Apple iOS for iPhone, iPod touch, and iPad is prone to an information-disclosure vulnerability. Local attackers can leverage this issue to gain access to sensitive information. Information obtained may aid in further attacks. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A security vulnerability exists in the Social subsystem in Apple iOS 6.1.4 and earlier versions

Trust: 1.98

sources: NVD: CVE-2013-5158 // JVNDB: JVNDB-2013-004249 // BID: 62532 // VULHUB: VHN-65160

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:7 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:7

Trust: 0.3

sources: BID: 62532 // JVNDB: JVNDB-2013-004249 // CNNVD: CNNVD-201309-344 // NVD: CVE-2013-5158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5158
value: LOW

Trust: 1.0

NVD: CVE-2013-5158
value: LOW

Trust: 0.8

CNNVD: CNNVD-201309-344
value: LOW

Trust: 0.6

VULHUB: VHN-65160
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5158
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65160
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65160 // JVNDB: JVNDB-2013-004249 // CNNVD: CNNVD-201309-344 // NVD: CVE-2013-5158

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-65160 // JVNDB: JVNDB-2013-004249 // NVD: CVE-2013-5158

THREAT TYPE

local

Trust: 0.9

sources: BID: 62532 // CNNVD: CNNVD-201309-344

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-344

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004249

PATCH
title:APPLE-SA-2013-09-18-2url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004249

EXTERNAL IDS
db:NVDid:CVE-2013-5158
Trust: 2.8
db:SECTRACKid:1029054
Trust: 1.1
db:JVNid:JVNVU98681940
Trust: 0.8
db:JVNDBid:JVNDB-2013-004249
Trust: 0.8
db:CNNVDid:CNNVD-201309-344
Trust: 0.7
db:APPLEid:APPLE-SA-2013-09-18-2
Trust: 0.6
db:BIDid:62532
Trust: 0.4
db:VULHUBid:VHN-65160
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65160 // 
            
            
            
            BID: 62532 // 
            
            
            
            JVNDB: JVNDB-2013-004249 // 
            
            
            
            CNNVD: CNNVD-201309-344 // 
            
            
            
            NVD: CVE-2013-5158

REFERENCES
url:http://support.apple.com/kb/ht5934
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html
Trust: 1.7
url:http://www.securitytracker.com/id/1029054
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5158
Trust: 0.8
url:http://jvn.jp/cert/jvnvu98681940/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5158
Trust: 0.8
url:http://www.apple.com/iphone/softwareupdate/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65160 // 
            
            
            
            BID: 62532 // 
            
            
            
            JVNDB: JVNDB-2013-004249 // 
            
            
            
            CNNVD: CNNVD-201309-344 // 
            
            
            
            NVD: CVE-2013-5158

CREDITS
Jonathan Zdziarski
Trust: 0.3
sources:
            
            
            BID: 62532

SOURCES
db:VULHUBid:VHN-65160
db:BIDid:62532
db:JVNDBid:JVNDB-2013-004249
db:CNNVDid:CNNVD-201309-344
db:NVDid:CVE-2013-5158

LAST UPDATE DATE
2025-04-11T20:58:45.052000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65160date:2013-10-22T00:00:00
db:BIDid:62532date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004249date:2013-10-24T00:00:00
db:CNNVDid:CNNVD-201309-344date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5158date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65160date:2013-09-19T00:00:00
db:BIDid:62532date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004249date:2013-09-24T00:00:00
db:CNNVDid:CNNVD-201309-344date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5158date:2013-09-19T10:28:01.087