Design/Logic Flaw

2010-11-2620:00:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.2%

JSON

Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

CPENameOperatorVersion
iphone_oseq3.0
iphone_oseq3.2
iphone_oseq3.1.3
iphone_oseq1.0.2
iphone_oseq4.0.2
iphone_oseq2.2
iphone_oseq1.1.1
iphone_osle4.1
iphone_oseq2.0.0
iphone_oseq3.1.2

Name	Operator	Version
iphone_os	eq	3.0
iphone_os	eq	3.2
iphone_os	eq	3.1.3
iphone_os	eq	1.0.2
iphone_os	eq	4.0.2
iphone_os	eq	2.2
iphone_os	eq	1.1.1
iphone_os	le	4.1
iphone_os	eq	2.0.0
iphone_os	eq	3.1.2

Rows per page:

1-10 of 291

References

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

secunia.com/advisories/42314

support.apple.com/kb/HT4456

www.securitytracker.com/id?1024768

www.vupen.com/english/advisories/2010/3046

exchange.xforce.ibmcloud.com/vulnerabilities/63416