Details of VAR-201310-0481

ID

VAR-201310-0481

CVE

CVE-2013-5169

TITLE

Apple Mac OS X of CoreGraphics Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-004838

DESCRIPTION

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. Apple Mac OS X is prone to a local information-disclosure vulnerability. An attacker with physical access can exploit this issue to obtain sensitive information that may lead to further attacks. Note: This issue was previously covered in BID 63282(Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable. The vulnerability stems from a logic issue in CoreGraphics' handling of display sleep mode, resulting in data corruption. An attacker could exploit this vulnerability to see Windows through the lock screen

Trust: 1.98

sources: NVD: CVE-2013-5169 // JVNDB: JVNDB-2013-004838 // BID: 63336 // VULHUB: VHN-65171

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	lte	version:	10.8.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.9	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.9	Trust: 0.3

sources: BID: 63336 // JVNDB: JVNDB-2013-004838 // CNNVD: CNNVD-201310-580 // NVD: CVE-2013-5169

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5169
value:	LOW
Trust: 1.0
NVD:	CVE-2013-5169
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201310-580
value:	LOW
Trust: 0.6
VULHUB:	VHN-65171
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-5169
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65171
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65171 // JVNDB: JVNDB-2013-004838 // CNNVD: CNNVD-201310-580 // NVD: CVE-2013-5169

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65171 // JVNDB: JVNDB-2013-004838 // NVD: CVE-2013-5169

THREAT TYPE

local

Trust: 0.9

sources: BID: 63336 // CNNVD: CNNVD-201310-580

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-580

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004838

PATCH

title:	APPLE-SA-2013-10-22-3	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004838

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5169	Trust: 2.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004838	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-580	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-10-22-3	Trust: 0.6
db:	BID	id:	63336	Trust: 0.4
db:	VULHUB	id:	VHN-65171	Trust: 0.1

sources: VULHUB: VHN-65171 // BID: 63336 // JVNDB: JVNDB-2013-004838 // CNNVD: CNNVD-201310-580 // NVD: CVE-2013-5169

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5169	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5169	Trust: 0.8
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-65171 // BID: 63336 // JVNDB: JVNDB-2013-004838 // CNNVD: CNNVD-201310-580 // NVD: CVE-2013-5169

CREDITS

Apple

Trust: 0.3

sources: BID: 63336

SOURCES

db:	VULHUB	id:	VHN-65171
db:	BID	id:	63336
db:	JVNDB	id:	JVNDB-2013-004838
db:	CNNVD	id:	CNNVD-201310-580
db:	NVD	id:	CVE-2013-5169

LAST UPDATE DATE

2025-04-11T20:41:59.209000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65171	date:	2013-10-25T00:00:00
db:	BID	id:	63336	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004838	date:	2013-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201310-580	date:	2013-11-08T00:00:00
db:	NVD	id:	CVE-2013-5169	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65171	date:	2013-10-24T00:00:00
db:	BID	id:	63336	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004838	date:	2013-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201310-580	date:	2013-10-24T00:00:00
db:	NVD	id:	CVE-2013-5169	date:	2013-10-24T03:48:49.050