Denial of Service Vulnerability in iOS 5.x and 6.x on Apple iPad
CVE-2013-3955

Currently unrated

Key Information:

Vendor: Apple
Status: iPhone OS; Ipad; Ipad Mini; Ipad2
Vendor: CVE Published:; 5 June 2013

What is CVE-2013-3955?

The vulnerability exists in the get_xattrinfo function within the XNU kernel on Apple iOS versions 5.x and 6.x up to 6.1.3. It fails to adequately validate the headers of AppleDouble files, which could be exploited by local users to trigger a denial of service, potentially causing memory corruption or other unspecified impacts when interacting with an msdosfs filesystem. This flaw poses risks to the stability and security of affected devices.

References

http://www.syscan.org/index.php/sg/program/day/2

x_refsource_MISC

http://www.securitytracker.com/id/1029054

vdb-entryx_refsource_SECTRACK

http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2013
Vulnerability Reserved
Jun 5, 2013