CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.6 | $0-$5k | 0.00 |
A vulnerability was found in Apple iOS up to 1.1.1 (Smartphone Operating System). It has been rated as critical. This issue affects some unknown functionality of the component Packet Filter. The manipulation with an unknown input leads to an access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted are confidentiality, integrity, and availability. The summary by CVE is:
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
The weakness was disclosed 11/26/2010 with Apple (Website). It is possible to read the advisory at lists.apple.com. The identification of this vulnerability is CVE-2010-3830 since 10/07/2010. The exploitation is known to be easy. Attacking locally is a requirement. No form of authentication is needed for a successful exploitation. Technical details are unknown but a public exploit is available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
A public exploit has been developed in ANSI C. The exploit is available at securityfocus.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $100k and more.
Upgrading to version 1.1.2 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (63419), Exploit-DB (35010), SecurityFocus (BID 45010†), Secunia (SA42314†) and SecurityTracker (ID 1024772†). The entries VDB-4219, VDB-53770, VDB-55549 and VDB-55548 are pretty similar.
CVSSv3
VulDB Meta Base Score: 8.4
VulDB Meta Temp Score: 7.6
VulDB Base Score: 8.4
VulDB Temp Score: 7.6
Exploiting
Class: Access control
CWE: CWE-264
Local: Yes
Remote: No
Access: Public
Status: Proof-of-Concept
Countermeasures
Recommended: Upgrade
Upgrade: iOS 1.1.2
Timeline
10/07/2010
11/22/2010
11/22/2010
11/23/2010
11/23/2010
11/26/2010
11/26/2010
12/23/2014
03/19/2015
09/29/2024
Sources
Vendor: apple.com
Advisory: lists.apple.com
Organization: Apple
Status: Confirmed
CVE: CVE-2010-3830
X-Force: 63419
SecurityFocus: 45010 - Apple iOS Networking Packet Filter Rules Local Privilege Escalation Vulnerability
Secunia: 42314 - Apple iOS Multiple Vulnerabilities, Highly Critical
SecurityTracker: 1024772 - Apple iOS Packet Filter Rule Processing Invalid Pointer Reference Lets Local Users Gain Elevated Privileges
Vulnerability Center: 47790 - Apple iOS <4.2 Networking Local Privilege Escalation Vulnerability, High
Vupen: ADV-2010-3046
scip Labs: https://www.scip.ch/en/?labs.20150917
Entry
Created: 03/19/2015 02:37 PM
Updated: 09/29/2024 03:59 PM
Changes: 03/19/2015 02:37 PM (63), 06/16/2017 04:34 AM (15), 09/29/2024 03:59 PM (17)