ID

VAR-201006-0327


CVE

CVE-2010-1775


TITLE

Apple iOS Passcode Lock arbitrary data access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001678

DESCRIPTION

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable.

This BID is being retired. The following individual records exist to better document the issues:

41047 Apple iPhone and iPod touch Application Sandbox User Photo Library Security Bypass Vulnerability
41048 Apple iPhone/iPod touch Prior to iOS 4 Wireless Network Security Weakness
41049 Apple iPhone/iPod touch Prior to iOS 4 URI Stack Based Buffer Overflow Vulnerability
41051 WebKit 'history.replaceState' Cross-Origin Information Disclosure Vulnerability
41052 Apple iPhone/iPod touch Prior to iOS 4 JPEG File Buffer Overflow Vulnerability
41053 WebKit 'JavaScriptCore' Page Transition Remote Code Execution Vulnerability
41054 WebKit Table Handling Remote Code Execution Vulnerability
41065 Apple iPhone/iPod touch Prior to iOS 4 Safari Security Bypass Vulnerability
41066 Apple iPhone and iPod touch Race Condition Security Bypass Vulnerability
41067 Apple iPhone/iPod touch Prior to iOS 4 Passcode Lock Authentication Bypass Vulnerability
41068 WebKit User Interface Cross Domain Spoofing Vulnerability

Apple iOS is an operating system developed by Apple Inc. for the iPhone

Trust: 2.25

sources: NVD: CVE-2010-1775 // JVNDB: JVNDB-2010-001678 // BID: 41066 // BID: 41016 // VULHUB: VHN-44380

AFFECTED PRODUCTS

vendor: apple // model: iphone os // scope: eq // version: 3.0.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 3.0

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 2.0.2

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 1.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 2.2.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 2.1.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 3.1.3

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 3.1.2

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 2.0.0

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 1.1.0

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.0.0

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.5

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.0.2

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 2.0.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.2

Trust: 1.0

vendor: apple // model: iphone os // scope: lte // version: 3.2

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.3

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.0.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.4

Trust: 1.0

vendor: apple // model: ios // scope: eq // version: 2.0 to 3.1.3

Trust: 0.8

vendor: apple // model: ios for ipod touch // scope: eq // version: 2.1 to 3.1.3

Trust: 0.8

vendor: apple // model: iphone // scope: - // version: -

Trust: 0.8

vendor: apple // model: ipod touch // scope: - // version: -

Trust: 0.8

vendor: apple // model: ipod touch // scope: eq // version: 3.1.3

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 3.1.2

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 3.1.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.2.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.0.2

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.0.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 3.0

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.2

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.1

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 2.0

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.1.3

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.1.2

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.0.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.2.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.0.2

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.0.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 3.0

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.2

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.1

Trust: 0.6

vendor: apple // model: iphone // scope: eq // version: 2.0

Trust: 0.6

vendor: apple // model: ios // scope: ne // version: 4

Trust: 0.6

vendor: apple // model: iphone os // scope: eq // version: 3.2

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 0

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 0

Trust: 0.3

sources: BID: 41066 // BID: 41016 // JVNDB: JVNDB-2010-001678 // CNNVD: CNNVD-201006-368 // NVD: CVE-2010-1775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1775
value: LOW

Trust: 1.0

NVD: CVE-2010-1775
value: LOW

Trust: 0.8

CNNVD: CNNVD-201006-368
value: LOW

Trust: 0.6

VULHUB: VHN-44380
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2010-1775
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44380
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44380 // JVNDB: JVNDB-2010-001678 // CNNVD: CNNVD-201006-368 // NVD: CVE-2010-1775

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-44380 // JVNDB: JVNDB-2010-001678 // NVD: CVE-2010-1775

THREAT TYPE

local

Trust: 0.9

sources: BID: 41066 // CNNVD: CNNVD-201006-368

TYPE

race condition

Trust: 0.6

sources: CNNVD: CNNVD-201006-368

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001678

PATCH

title: HT4225 // url: http://support.apple.com/kb/HT4225

Trust: 0.8

title: HT4225 // url: http://support.apple.com/kb/HT4225?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-001678

EXTERNAL IDS

db: NVD // id: CVE-2010-1775

Trust: 2.8

db: BID // id: 41016

Trust: 2.0

db: XF // id: 59637

Trust: 0.8

db: JVNDB // id: JVNDB-2010-001678

Trust: 0.8

db: CNNVD // id: CNNVD-201006-368

Trust: 0.7

db: BID // id: 41066

Trust: 0.4

db: VULHUB // id: VHN-44380

Trust: 0.1

sources: VULHUB: VHN-44380 // BID: 41066 // BID: 41016 // JVNDB: JVNDB-2010-001678 // CNNVD: CNNVD-201006-368 // NVD: CVE-2010-1775

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010/jun/msg00003.html

Trust: 1.7

url:http://www.securityfocus.com/bid/41016

Trust: 1.7

url:http://support.apple.com/kb/ht4225

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/59637

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1775

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/59637

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1775

Trust: 0.8

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url:http://www.apple.com/iphone/softwareupdate/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

sources: VULHUB: VHN-44380 // BID: 41066 // BID: 41016 // JVNDB: JVNDB-2010-001678 // CNNVD: CNNVD-201006-368 // NVD: CVE-2010-1775

CREDITS

Apple

Trust: 0.3

sources: BID: 41066

SOURCES

db: VULHUB // id: VHN-44380
db: BID // id: 41066
db: BID // id: 41016
db: JVNDB // id: JVNDB-2010-001678
db: CNNVD // id: CNNVD-201006-368
db: NVD // id: CVE-2010-1775

LAST UPDATE DATE

2024-11-23T21:21:54.629000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-44380 // date: 2017-08-17T00:00:00
db: BID // id: 41066 // date: 2010-06-21T00:00:00
db: BID // id: 41016 // date: 2010-06-23T16:08:00
db: JVNDB // id: JVNDB-2010-001678 // date: 2010-07-14T00:00:00
db: CNNVD // id: CNNVD-201006-368 // date: 2022-08-10T00:00:00
db: NVD // id: CVE-2010-1775 // date: 2024-11-21T01:15:10.513

SOURCES RELEASE DATE

db: VULHUB // id: VHN-44380 // date: 2010-06-22T00:00:00
db: BID // id: 41066 // date: 2010-06-21T00:00:00
db: BID // id: 41016 // date: 2010-06-21T00:00:00
db: JVNDB // id: JVNDB-2010-001678 // date: 2010-07-14T00:00:00
db: CNNVD // id: CNNVD-201006-368 // date: 2010-06-24T00:00:00
db: NVD // id: CVE-2010-1775 // date: 2010-06-22T20:30:01.727