ID

VAR-201006-0314


CVE

CVE-2010-1754


TITLE

Vulnerability in Apple iOS that can bypass the passcode request in Passcode Lock

Trust: 0.8

sources: JVNDB: JVNDB-2010-001677

DESCRIPTION

Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. An attacker with physical access to a locked device can exploit this issue to bypass the passcode and access the user's data. Apple iOS is an operating system developed by Apple Inc. for the iPhone. Attackers can use unknown vectors to bypass the passcode requirement.

Trust: 2.34

sources: NVD: CVE-2010-1754 // JVNDB: JVNDB-2010-001677 // BID: 41016 // BID: 41067 // VULHUB: VHN-44359 // VULMON: CVE-2010-1754

AFFECTED PRODUCTS

vendor: apple // model: iphone os // scope: lt // version: 4.0

Trust: 1.0

vendor: apple // model: ios // scope: eq // version: 2.0 to 3.1.3

Trust: 0.8

vendor: apple // model: ios for ipod touch // scope: eq // version: 2.1 to 3.1.3

Trust: 0.8

vendor: apple // model: iphone // scope: - // version: -

Trust: 0.8

vendor: apple // model: ipod touch // scope: - // version: -

Trust: 0.8

vendor: apple // model: ipod touch // scope: eq // version: 3.1.3

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 3.1.2

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 3.1.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.2.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.0.2

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.0.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 3.0

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.2

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.0

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 0

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.1.3

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.1.2

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.0.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.2.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.0.2

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.0.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.0

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.2

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.0

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 0

Trust: 0.6

vendor: apple // model: ios // scope: ne // version: 4

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 2.2

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 3.0.1

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 3.0

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 2.1

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 2.0.2

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 3.2

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 3.1

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 2.2.1

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 3.1.3

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 3.1.2

Trust: 0.6

sources: BID: 41016 // BID: 41067 // JVNDB: JVNDB-2010-001677 // CNNVD: CNNVD-201006-364 // NVD: CVE-2010-1754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1754
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1754
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-364
value: LOW

Trust: 0.6

VULHUB: VHN-44359
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-1754
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1754
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-44359
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44359 // VULMON: CVE-2010-1754 // JVNDB: JVNDB-2010-001677 // CNNVD: CNNVD-201006-364 // NVD: CVE-2010-1754

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-44359 // JVNDB: JVNDB-2010-001677 // NVD: CVE-2010-1754

THREAT TYPE

local

Trust: 0.9

sources: BID: 41067 // CNNVD: CNNVD-201006-364

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201006-364

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001677

PATCH

title: HT4225 // url: http://support.apple.com/kb/HT4225

Trust: 0.8

title: HT4225 // url: http://support.apple.com/kb/HT4225?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-001677

EXTERNAL IDS

db: NVD // id: CVE-2010-1754

Trust: 2.9

db: BID // id: 41016

Trust: 2.1

db: XF // id: 59633

Trust: 0.8

db: JVNDB // id: JVNDB-2010-001677

Trust: 0.8

db: CNNVD // id: CNNVD-201006-364

Trust: 0.7

db: BID // id: 41067

Trust: 0.5

db: VULHUB // id: VHN-44359

Trust: 0.1

db: VULMON // id: CVE-2010-1754

Trust: 0.1

sources: VULHUB: VHN-44359 // VULMON: CVE-2010-1754 // BID: 41016 // BID: 41067 // JVNDB: JVNDB-2010-001677 // CNNVD: CNNVD-201006-364 // NVD: CVE-2010-1754

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010/jun/msg00003.html

Trust: 1.8

url:http://www.securityfocus.com/bid/41016

Trust: 1.8

url:http://support.apple.com/kb/ht4225

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/59633

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1754

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/59633

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1754

Trust: 0.8

url:http://www.apple.com/iphone/softwareupdate/

Trust: 0.6

url:http://www.apple.com/iphone/

Trust: 0.6

url:http://www.apple.com/ipodtouch/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/41067

Trust: 0.1

sources: VULHUB: VHN-44359 // VULMON: CVE-2010-1754 // BID: 41016 // BID: 41067 // JVNDB: JVNDB-2010-001677 // CNNVD: CNNVD-201006-364 // NVD: CVE-2010-1754

CREDITS

Zac White; Laurent OUDOT of TEHTRI-Security; Ladd Van Tol of Critical Path Software; Apple; Jason Dent of Street Side Software; Sidney San Martin of DeepTech, Inc.; Wilfried Teiken; Darin Fisher of Google Inc.; Wayne Pan of AdMob, Inc.; wushi of team509.

Trust: 0.3

sources: BID: 41016

SOURCES

db: VULHUB // id: VHN-44359
db: VULMON // id: CVE-2010-1754
db: BID // id: 41016
db: BID // id: 41067
db: JVNDB // id: JVNDB-2010-001677
db: CNNVD // id: CNNVD-201006-364
db: NVD // id: CVE-2010-1754

LAST UPDATE DATE

2024-11-23T20:04:16.779000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-44359 // date: 2018-11-16T00:00:00
db: VULMON // id: CVE-2010-1754 // date: 2022-08-09T00:00:00
db: BID // id: 41016 // date: 2010-06-23T16:08:00
db: BID // id: 41067 // date: 2010-06-23T15:08:00
db: JVNDB // id: JVNDB-2010-001677 // date: 2010-07-14T00:00:00
db: CNNVD // id: CNNVD-201006-364 // date: 2022-08-10T00:00:00
db: NVD // id: CVE-2010-1754 // date: 2024-11-21T01:15:07.767

SOURCES RELEASE DATE

db: VULHUB // id: VHN-44359 // date: 2010-06-22T00:00:00
db: VULMON // id: CVE-2010-1754 // date: 2010-06-22T00:00:00
db: BID // id: 41016 // date: 2010-06-21T00:00:00
db: BID // id: 41067 // date: 2010-06-21T00:00:00
db: JVNDB // id: JVNDB-2010-001677 // date: 2010-07-14T00:00:00
db: CNNVD // id: CNNVD-201006-364 // date: 2010-06-24T00:00:00
db: NVD // id: CVE-2010-1754 // date: 2010-06-22T20:30:01.617