CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
apple | watchos | * | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
apple | iphone_os | 6.1.3 | cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:* |
apple | mac_os_x | 10.8.0 | cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:* |
apple | mac_os_x | 10.8.1 | cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:* |
apple | mac_os_x | 10.8.2 | cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:* |
apple | mac_os_x | 10.8.3 | cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:* |
apple | mac_os_x | 10.8.4 | cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:* |
antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
www.securitytracker.com/id/1033703
www.syscan.org/index.php/sg/program/day/2
support.apple.com/HT205212
support.apple.com/HT205213
support.apple.com/HT205267