Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-0585 (GCVE-0-2012-0585)
Vulnerability from cvelistv5 – Published: 2012-03-08 22:00 – Updated: 2024-08-06 18:30
VLAI?
EPSS
Summary
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:52.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1026774",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48377"
},
{
"name": "79964",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/79964"
},
{
"name": "appleios-browsing-sec-bypass(73871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
},
{
"name": "APPLE-SA-2012-03-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1026774",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48377"
},
{
"name": "79964",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/79964"
},
{
"name": "appleios-browsing-sec-bypass(73871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
},
{
"name": "APPLE-SA-2012-03-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "79964",
"refsource": "OSVDB",
"url": "http://osvdb.org/79964"
},
{
"name": "appleios-browsing-sec-bypass(73871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2012-0585",
"datePublished": "2012-03-08T22:00:00",
"dateReserved": "2012-01-12T00:00:00",
"dateUpdated": "2024-08-06T18:30:52.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.1\", \"matchCriteriaId\": \"4B150860-FC76-4DDC-9FEE-BC5D96D08751\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad de navegaci\\u00f3n privada en Safari en Apple iOS antes de v5.1 permite a atacantes remotos saltarse la configuraci\\u00f3n de privacidad e insertar entradas en el historial de navegaci\\u00f3n a trav\\u00e9s de c\\u00f3digo Javascript que llama a los m\\u00e9todos (1) pushState o (2) replaceState.\"}]",
"id": "CVE-2012-0585",
"lastModified": "2024-11-21T01:35:19.207",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-03-08T22:55:01.823",
"references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/79964\", \"source\": \"product-security@apple.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/48288\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48377\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1026774\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/73871\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/79964\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/48288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/48377\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1026774\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/73871\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-0585\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2012-03-08T22:55:01.823\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de navegaci\u00f3n privada en Safari en Apple iOS antes de v5.1 permite a atacantes remotos saltarse la configuraci\u00f3n de privacidad e insertar entradas en el historial de navegaci\u00f3n a trav\u00e9s de c\u00f3digo Javascript que llama a los m\u00e9todos (1) pushState o (2) replaceState.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.1\",\"matchCriteriaId\":\"4B150860-FC76-4DDC-9FEE-BC5D96D08751\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/79964\",\"source\":\"product-security@apple.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48288\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/48377\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1026774\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/73871\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/79964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/48377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1026774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/73871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
CERTA-2012-AVI-141
Vulnerability from certfr_avis - Published: - Updated:
De très nombreuses vulnérabilités ont été corrigées dans Safari, pour de nombreux impacts dont l'exécution de code arbitraire à distance.
Description
De très nombreuses vulnérabilités ont été corrigées dans le navigateur Safari :
- de multiples problèmes de corruption mémoire permettent à un attaquant d'exécuter du code arbitraire sur le client à l'aide de pages Web spécialement conçues ;
- l'affichage des caractères dans la barre d'adresse permet de tromper un utilisateur sur l'identité du site qu'il visite ;
- certaines informations sur l'historique des pages visitées sont enregistrées même quand l'option 'Navigation privée' est activée ;
- plusieurs vulnérabilités permettent une injection de code indirecte à distance;
- des cookies peuvent être révélés à un site illégitime.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Safari pour Mac OS et Windows versions antérieures à 5.1.4.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eSafari pour Mac OS et Windows versions ant\u00e9rieures \u00e0 5.1.4.\u003c/p\u003e",
"content": "## Description\n\nDe tr\u00e8s nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le navigateur\nSafari :\n\n- de multiples probl\u00e8mes de corruption m\u00e9moire permettent \u00e0 un\n attaquant d\u0027ex\u00e9cuter du code arbitraire sur le client \u00e0 l\u0027aide de\n pages Web sp\u00e9cialement con\u00e7ues ;\n- l\u0027affichage des caract\u00e8res dans la barre d\u0027adresse permet de tromper\n un utilisateur sur l\u0027identit\u00e9 du site qu\u0027il visite ;\n- certaines informations sur l\u0027historique des pages visit\u00e9es sont\n enregistr\u00e9es m\u00eame quand l\u0027option \u0027Navigation priv\u00e9e\u0027 est activ\u00e9e ;\n- plusieurs vuln\u00e9rabilit\u00e9s permettent une injection de code indirecte\n \u00e0 distance;\n- des cookies peuvent \u00eatre r\u00e9v\u00e9l\u00e9s \u00e0 un site ill\u00e9gitime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0602"
},
{
"name": "CVE-2012-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0589"
},
{
"name": "CVE-2012-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0597"
},
{
"name": "CVE-2011-2860",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2860"
},
{
"name": "CVE-2011-2855",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2855"
},
{
"name": "CVE-2012-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0628"
},
{
"name": "CVE-2012-0623",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0623"
},
{
"name": "CVE-2012-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0588"
},
{
"name": "CVE-2012-0607",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0607"
},
{
"name": "CVE-2011-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2867"
},
{
"name": "CVE-2012-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0640"
},
{
"name": "CVE-2012-0613",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0613"
},
{
"name": "CVE-2011-2847",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2847"
},
{
"name": "CVE-2012-0630",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0630"
},
{
"name": "CVE-2011-2866",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2866"
},
{
"name": "CVE-2012-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0587"
},
{
"name": "CVE-2011-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2825"
},
{
"name": "CVE-2012-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0586"
},
{
"name": "CVE-2011-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2846"
},
{
"name": "CVE-2012-0608",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0608"
},
{
"name": "CVE-2012-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0590"
},
{
"name": "CVE-2012-0606",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0606"
},
{
"name": "CVE-2012-0633",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0633"
},
{
"name": "CVE-2011-3885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3885"
},
{
"name": "CVE-2012-0595",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0595"
},
{
"name": "CVE-2012-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0596"
},
{
"name": "CVE-2012-0627",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0627"
},
{
"name": "CVE-2012-0626",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0626"
},
{
"name": "CVE-2012-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0593"
},
{
"name": "CVE-2012-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0617"
},
{
"name": "CVE-2012-0592",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0592"
},
{
"name": "CVE-2011-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2873"
},
{
"name": "CVE-2012-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0585"
},
{
"name": "CVE-2012-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0611"
},
{
"name": "CVE-2012-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0612"
},
{
"name": "CVE-2012-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0599"
},
{
"name": "CVE-2012-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0601"
},
{
"name": "CVE-2011-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3928"
},
{
"name": "CVE-2012-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0614"
},
{
"name": "CVE-2012-0616",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0616"
},
{
"name": "CVE-2012-0609",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0609"
},
{
"name": "CVE-2012-0621",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0621"
},
{
"name": "CVE-2012-0631",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0631"
},
{
"name": "CVE-2012-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0600"
},
{
"name": "CVE-2011-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2857"
},
{
"name": "CVE-2012-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0584"
},
{
"name": "CVE-2011-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2868"
},
{
"name": "CVE-2011-3909",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3909"
},
{
"name": "CVE-2012-0618",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0618"
},
{
"name": "CVE-2012-0622",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0622"
},
{
"name": "CVE-2011-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2869"
},
{
"name": "CVE-2012-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0624"
},
{
"name": "CVE-2012-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0604"
},
{
"name": "CVE-2012-0620",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0620"
},
{
"name": "CVE-2012-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0603"
},
{
"name": "CVE-2011-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3888"
},
{
"name": "CVE-2012-0647",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0647"
},
{
"name": "CVE-2012-0637",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0637"
},
{
"name": "CVE-2012-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0629"
},
{
"name": "CVE-2011-2854",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2854"
},
{
"name": "CVE-2012-0610",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0610"
},
{
"name": "CVE-2012-0648",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0648"
},
{
"name": "CVE-2012-0632",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0632"
},
{
"name": "CVE-2012-0619",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0619"
},
{
"name": "CVE-2011-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2870"
},
{
"name": "CVE-2011-2833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2833"
},
{
"name": "CVE-2012-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0594"
},
{
"name": "CVE-2011-3908",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3908"
},
{
"name": "CVE-2012-0625",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0625"
},
{
"name": "CVE-2012-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0605"
},
{
"name": "CVE-2011-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2871"
},
{
"name": "CVE-2012-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0635"
},
{
"name": "CVE-2012-0615",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0615"
},
{
"name": "CVE-2012-0636",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0636"
},
{
"name": "CVE-2012-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0591"
},
{
"name": "CVE-2012-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0639"
},
{
"name": "CVE-2011-3897",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3897"
},
{
"name": "CVE-2012-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0598"
},
{
"name": "CVE-2011-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2877"
},
{
"name": "CVE-2011-2872",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2872"
},
{
"name": "CVE-2012-0638",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0638"
},
{
"name": "CVE-2011-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3887"
},
{
"name": "CVE-2011-3881",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3881"
}
],
"links": [],
"reference": "CERTA-2012-AVI-141",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De tr\u00e8s nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Safari, pour de\nnombreux impacts dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5190 du 12 mars 2012",
"url": "http://support.apple.com/kb/HT5190"
}
]
}
CERTA-2012-AVI-127
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités, permettant notamment l'exécution de code arbitraire à distance, ont été corrigées dans Apple iOS.
Description
De multiples vulnérabilités ont été corrigées dans Apple iOS. Ces vulnérabilités peuvent notamment être utilisées par une personne malintentionnée pour provoquer l'exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPhone 3GS, 4 et 4S avec iOS versions ant\u00e9rieures \u00e0 5.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPod 3\u00e8me g\u00e9n\u00e9ration avec iOS versions ant\u00e9rieurs \u00e0 5.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPad 1 et 2 avec iOS versions ant\u00e9rieures \u00e0 5.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS. Ces\nvuln\u00e9rabilit\u00e9s peuvent notamment \u00eatre utilis\u00e9es par une personne\nmalintentionn\u00e9e pour provoquer l\u0027ex\u00e9cution de code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0602"
},
{
"name": "CVE-2012-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0589"
},
{
"name": "CVE-2012-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0597"
},
{
"name": "CVE-2011-2860",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2860"
},
{
"name": "CVE-2011-2855",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2855"
},
{
"name": "CVE-2012-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0628"
},
{
"name": "CVE-2012-0623",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0623"
},
{
"name": "CVE-2012-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0588"
},
{
"name": "CVE-2012-0607",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0607"
},
{
"name": "CVE-2011-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2867"
},
{
"name": "CVE-2012-0613",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0613"
},
{
"name": "CVE-2011-2847",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2847"
},
{
"name": "CVE-2012-0630",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0630"
},
{
"name": "CVE-2012-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0587"
},
{
"name": "CVE-2011-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2825"
},
{
"name": "CVE-2012-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0586"
},
{
"name": "CVE-2011-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2846"
},
{
"name": "CVE-2011-3453",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3453"
},
{
"name": "CVE-2012-0608",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0608"
},
{
"name": "CVE-2012-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0590"
},
{
"name": "CVE-2012-0606",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0606"
},
{
"name": "CVE-2012-0633",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0633"
},
{
"name": "CVE-2011-3885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3885"
},
{
"name": "CVE-2012-0595",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0595"
},
{
"name": "CVE-2012-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0596"
},
{
"name": "CVE-2012-0627",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0627"
},
{
"name": "CVE-2012-0626",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0626"
},
{
"name": "CVE-2012-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0593"
},
{
"name": "CVE-2012-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0617"
},
{
"name": "CVE-2012-0644",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0644"
},
{
"name": "CVE-2012-0592",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0592"
},
{
"name": "CVE-2011-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2873"
},
{
"name": "CVE-2012-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0585"
},
{
"name": "CVE-2012-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0611"
},
{
"name": "CVE-2012-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0612"
},
{
"name": "CVE-2012-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0599"
},
{
"name": "CVE-2012-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0601"
},
{
"name": "CVE-2011-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3928"
},
{
"name": "CVE-2012-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0614"
},
{
"name": "CVE-2012-0643",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0643"
},
{
"name": "CVE-2012-0616",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0616"
},
{
"name": "CVE-2012-0609",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0609"
},
{
"name": "CVE-2012-0621",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0621"
},
{
"name": "CVE-2012-0631",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0631"
},
{
"name": "CVE-2012-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0600"
},
{
"name": "CVE-2011-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2857"
},
{
"name": "CVE-2011-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2868"
},
{
"name": "CVE-2011-3909",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3909"
},
{
"name": "CVE-2012-0618",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0618"
},
{
"name": "CVE-2012-0622",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0622"
},
{
"name": "CVE-2011-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2869"
},
{
"name": "CVE-2012-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0624"
},
{
"name": "CVE-2012-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0604"
},
{
"name": "CVE-2012-0620",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0620"
},
{
"name": "CVE-2012-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0603"
},
{
"name": "CVE-2011-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3888"
},
{
"name": "CVE-2012-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0629"
},
{
"name": "CVE-2011-2854",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2854"
},
{
"name": "CVE-2012-0610",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0610"
},
{
"name": "CVE-2012-0632",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0632"
},
{
"name": "CVE-2012-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0642"
},
{
"name": "CVE-2012-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0646"
},
{
"name": "CVE-2012-0619",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0619"
},
{
"name": "CVE-2011-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2870"
},
{
"name": "CVE-2012-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0641"
},
{
"name": "CVE-2011-2833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2833"
},
{
"name": "CVE-2012-0645",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0645"
},
{
"name": "CVE-2012-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0594"
},
{
"name": "CVE-2011-3908",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3908"
},
{
"name": "CVE-2012-0625",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0625"
},
{
"name": "CVE-2012-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0605"
},
{
"name": "CVE-2011-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2871"
},
{
"name": "CVE-2012-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0635"
},
{
"name": "CVE-2012-0615",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0615"
},
{
"name": "CVE-2012-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0591"
},
{
"name": "CVE-2011-3897",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3897"
},
{
"name": "CVE-2012-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0598"
},
{
"name": "CVE-2011-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2877"
},
{
"name": "CVE-2011-2872",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2872"
},
{
"name": "CVE-2011-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3887"
},
{
"name": "CVE-2011-3881",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3881"
}
],
"links": [],
"reference": "CERTA-2012-AVI-127",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s, permettant notamment l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eApple\niOS\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Apple iOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 07 mars 2012",
"url": "http://support.apple.com/kb/HT1222"
}
]
}
CERTA-2012-AVI-141
Vulnerability from certfr_avis - Published: - Updated:
De très nombreuses vulnérabilités ont été corrigées dans Safari, pour de nombreux impacts dont l'exécution de code arbitraire à distance.
Description
De très nombreuses vulnérabilités ont été corrigées dans le navigateur Safari :
- de multiples problèmes de corruption mémoire permettent à un attaquant d'exécuter du code arbitraire sur le client à l'aide de pages Web spécialement conçues ;
- l'affichage des caractères dans la barre d'adresse permet de tromper un utilisateur sur l'identité du site qu'il visite ;
- certaines informations sur l'historique des pages visitées sont enregistrées même quand l'option 'Navigation privée' est activée ;
- plusieurs vulnérabilités permettent une injection de code indirecte à distance;
- des cookies peuvent être révélés à un site illégitime.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Safari pour Mac OS et Windows versions antérieures à 5.1.4.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eSafari pour Mac OS et Windows versions ant\u00e9rieures \u00e0 5.1.4.\u003c/p\u003e",
"content": "## Description\n\nDe tr\u00e8s nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le navigateur\nSafari :\n\n- de multiples probl\u00e8mes de corruption m\u00e9moire permettent \u00e0 un\n attaquant d\u0027ex\u00e9cuter du code arbitraire sur le client \u00e0 l\u0027aide de\n pages Web sp\u00e9cialement con\u00e7ues ;\n- l\u0027affichage des caract\u00e8res dans la barre d\u0027adresse permet de tromper\n un utilisateur sur l\u0027identit\u00e9 du site qu\u0027il visite ;\n- certaines informations sur l\u0027historique des pages visit\u00e9es sont\n enregistr\u00e9es m\u00eame quand l\u0027option \u0027Navigation priv\u00e9e\u0027 est activ\u00e9e ;\n- plusieurs vuln\u00e9rabilit\u00e9s permettent une injection de code indirecte\n \u00e0 distance;\n- des cookies peuvent \u00eatre r\u00e9v\u00e9l\u00e9s \u00e0 un site ill\u00e9gitime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0602"
},
{
"name": "CVE-2012-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0589"
},
{
"name": "CVE-2012-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0597"
},
{
"name": "CVE-2011-2860",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2860"
},
{
"name": "CVE-2011-2855",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2855"
},
{
"name": "CVE-2012-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0628"
},
{
"name": "CVE-2012-0623",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0623"
},
{
"name": "CVE-2012-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0588"
},
{
"name": "CVE-2012-0607",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0607"
},
{
"name": "CVE-2011-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2867"
},
{
"name": "CVE-2012-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0640"
},
{
"name": "CVE-2012-0613",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0613"
},
{
"name": "CVE-2011-2847",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2847"
},
{
"name": "CVE-2012-0630",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0630"
},
{
"name": "CVE-2011-2866",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2866"
},
{
"name": "CVE-2012-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0587"
},
{
"name": "CVE-2011-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2825"
},
{
"name": "CVE-2012-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0586"
},
{
"name": "CVE-2011-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2846"
},
{
"name": "CVE-2012-0608",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0608"
},
{
"name": "CVE-2012-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0590"
},
{
"name": "CVE-2012-0606",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0606"
},
{
"name": "CVE-2012-0633",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0633"
},
{
"name": "CVE-2011-3885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3885"
},
{
"name": "CVE-2012-0595",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0595"
},
{
"name": "CVE-2012-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0596"
},
{
"name": "CVE-2012-0627",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0627"
},
{
"name": "CVE-2012-0626",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0626"
},
{
"name": "CVE-2012-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0593"
},
{
"name": "CVE-2012-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0617"
},
{
"name": "CVE-2012-0592",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0592"
},
{
"name": "CVE-2011-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2873"
},
{
"name": "CVE-2012-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0585"
},
{
"name": "CVE-2012-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0611"
},
{
"name": "CVE-2012-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0612"
},
{
"name": "CVE-2012-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0599"
},
{
"name": "CVE-2012-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0601"
},
{
"name": "CVE-2011-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3928"
},
{
"name": "CVE-2012-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0614"
},
{
"name": "CVE-2012-0616",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0616"
},
{
"name": "CVE-2012-0609",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0609"
},
{
"name": "CVE-2012-0621",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0621"
},
{
"name": "CVE-2012-0631",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0631"
},
{
"name": "CVE-2012-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0600"
},
{
"name": "CVE-2011-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2857"
},
{
"name": "CVE-2012-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0584"
},
{
"name": "CVE-2011-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2868"
},
{
"name": "CVE-2011-3909",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3909"
},
{
"name": "CVE-2012-0618",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0618"
},
{
"name": "CVE-2012-0622",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0622"
},
{
"name": "CVE-2011-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2869"
},
{
"name": "CVE-2012-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0624"
},
{
"name": "CVE-2012-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0604"
},
{
"name": "CVE-2012-0620",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0620"
},
{
"name": "CVE-2012-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0603"
},
{
"name": "CVE-2011-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3888"
},
{
"name": "CVE-2012-0647",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0647"
},
{
"name": "CVE-2012-0637",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0637"
},
{
"name": "CVE-2012-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0629"
},
{
"name": "CVE-2011-2854",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2854"
},
{
"name": "CVE-2012-0610",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0610"
},
{
"name": "CVE-2012-0648",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0648"
},
{
"name": "CVE-2012-0632",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0632"
},
{
"name": "CVE-2012-0619",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0619"
},
{
"name": "CVE-2011-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2870"
},
{
"name": "CVE-2011-2833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2833"
},
{
"name": "CVE-2012-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0594"
},
{
"name": "CVE-2011-3908",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3908"
},
{
"name": "CVE-2012-0625",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0625"
},
{
"name": "CVE-2012-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0605"
},
{
"name": "CVE-2011-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2871"
},
{
"name": "CVE-2012-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0635"
},
{
"name": "CVE-2012-0615",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0615"
},
{
"name": "CVE-2012-0636",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0636"
},
{
"name": "CVE-2012-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0591"
},
{
"name": "CVE-2012-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0639"
},
{
"name": "CVE-2011-3897",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3897"
},
{
"name": "CVE-2012-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0598"
},
{
"name": "CVE-2011-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2877"
},
{
"name": "CVE-2011-2872",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2872"
},
{
"name": "CVE-2012-0638",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0638"
},
{
"name": "CVE-2011-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3887"
},
{
"name": "CVE-2011-3881",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3881"
}
],
"links": [],
"reference": "CERTA-2012-AVI-141",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De tr\u00e8s nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Safari, pour de\nnombreux impacts dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5190 du 12 mars 2012",
"url": "http://support.apple.com/kb/HT5190"
}
]
}
CERTA-2012-AVI-127
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités, permettant notamment l'exécution de code arbitraire à distance, ont été corrigées dans Apple iOS.
Description
De multiples vulnérabilités ont été corrigées dans Apple iOS. Ces vulnérabilités peuvent notamment être utilisées par une personne malintentionnée pour provoquer l'exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPhone 3GS, 4 et 4S avec iOS versions ant\u00e9rieures \u00e0 5.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPod 3\u00e8me g\u00e9n\u00e9ration avec iOS versions ant\u00e9rieurs \u00e0 5.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPad 1 et 2 avec iOS versions ant\u00e9rieures \u00e0 5.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS. Ces\nvuln\u00e9rabilit\u00e9s peuvent notamment \u00eatre utilis\u00e9es par une personne\nmalintentionn\u00e9e pour provoquer l\u0027ex\u00e9cution de code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0602",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0602"
},
{
"name": "CVE-2012-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0589"
},
{
"name": "CVE-2012-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0597"
},
{
"name": "CVE-2011-2860",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2860"
},
{
"name": "CVE-2011-2855",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2855"
},
{
"name": "CVE-2012-0628",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0628"
},
{
"name": "CVE-2012-0623",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0623"
},
{
"name": "CVE-2012-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0588"
},
{
"name": "CVE-2012-0607",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0607"
},
{
"name": "CVE-2011-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2867"
},
{
"name": "CVE-2012-0613",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0613"
},
{
"name": "CVE-2011-2847",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2847"
},
{
"name": "CVE-2012-0630",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0630"
},
{
"name": "CVE-2012-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0587"
},
{
"name": "CVE-2011-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2825"
},
{
"name": "CVE-2012-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0586"
},
{
"name": "CVE-2011-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2846"
},
{
"name": "CVE-2011-3453",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3453"
},
{
"name": "CVE-2012-0608",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0608"
},
{
"name": "CVE-2012-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0590"
},
{
"name": "CVE-2012-0606",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0606"
},
{
"name": "CVE-2012-0633",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0633"
},
{
"name": "CVE-2011-3885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3885"
},
{
"name": "CVE-2012-0595",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0595"
},
{
"name": "CVE-2012-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0596"
},
{
"name": "CVE-2012-0627",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0627"
},
{
"name": "CVE-2012-0626",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0626"
},
{
"name": "CVE-2012-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0593"
},
{
"name": "CVE-2012-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0617"
},
{
"name": "CVE-2012-0644",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0644"
},
{
"name": "CVE-2012-0592",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0592"
},
{
"name": "CVE-2011-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2873"
},
{
"name": "CVE-2012-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0585"
},
{
"name": "CVE-2012-0611",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0611"
},
{
"name": "CVE-2012-0612",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0612"
},
{
"name": "CVE-2012-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0599"
},
{
"name": "CVE-2012-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0601"
},
{
"name": "CVE-2011-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3928"
},
{
"name": "CVE-2012-0614",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0614"
},
{
"name": "CVE-2012-0643",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0643"
},
{
"name": "CVE-2012-0616",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0616"
},
{
"name": "CVE-2012-0609",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0609"
},
{
"name": "CVE-2012-0621",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0621"
},
{
"name": "CVE-2012-0631",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0631"
},
{
"name": "CVE-2012-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0600"
},
{
"name": "CVE-2011-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2857"
},
{
"name": "CVE-2011-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2868"
},
{
"name": "CVE-2011-3909",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3909"
},
{
"name": "CVE-2012-0618",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0618"
},
{
"name": "CVE-2012-0622",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0622"
},
{
"name": "CVE-2011-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2869"
},
{
"name": "CVE-2012-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0624"
},
{
"name": "CVE-2012-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0604"
},
{
"name": "CVE-2012-0620",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0620"
},
{
"name": "CVE-2012-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0603"
},
{
"name": "CVE-2011-3888",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3888"
},
{
"name": "CVE-2012-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0629"
},
{
"name": "CVE-2011-2854",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2854"
},
{
"name": "CVE-2012-0610",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0610"
},
{
"name": "CVE-2012-0632",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0632"
},
{
"name": "CVE-2012-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0642"
},
{
"name": "CVE-2012-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0646"
},
{
"name": "CVE-2012-0619",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0619"
},
{
"name": "CVE-2011-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2870"
},
{
"name": "CVE-2012-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0641"
},
{
"name": "CVE-2011-2833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2833"
},
{
"name": "CVE-2012-0645",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0645"
},
{
"name": "CVE-2012-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0594"
},
{
"name": "CVE-2011-3908",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3908"
},
{
"name": "CVE-2012-0625",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0625"
},
{
"name": "CVE-2012-0605",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0605"
},
{
"name": "CVE-2011-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2871"
},
{
"name": "CVE-2012-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0635"
},
{
"name": "CVE-2012-0615",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0615"
},
{
"name": "CVE-2012-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0591"
},
{
"name": "CVE-2011-3897",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3897"
},
{
"name": "CVE-2012-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0598"
},
{
"name": "CVE-2011-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2877"
},
{
"name": "CVE-2011-2872",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2872"
},
{
"name": "CVE-2011-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3887"
},
{
"name": "CVE-2011-3881",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3881"
}
],
"links": [],
"reference": "CERTA-2012-AVI-127",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s, permettant notamment l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eApple\niOS\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Apple iOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 07 mars 2012",
"url": "http://support.apple.com/kb/HT1222"
}
]
}
GSD-2012-0585
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-0585",
"description": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.",
"id": "GSD-2012-0585"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-0585"
],
"details": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.",
"id": "GSD-2012-0585",
"modified": "2023-12-13T01:20:13.500427Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "79964",
"refsource": "OSVDB",
"url": "http://osvdb.org/79964"
},
{
"name": "appleios-browsing-sec-bypass(73871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0585"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48288",
"refsource": "SECUNIA",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/48288"
},
{
"name": "79964",
"refsource": "OSVDB",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/79964"
},
{
"name": "48377",
"refsource": "SECUNIA",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/48377"
},
{
"name": "appleios-browsing-sec-bypass(73871)",
"refsource": "XF",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-11-29T14:43Z",
"publishedDate": "2012-03-08T22:55Z"
}
}
}
GHSA-9G46-7GM4-V6GC
Vulnerability from github – Published: 2022-05-14 01:55 – Updated: 2022-05-14 01:55
VLAI?
Details
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
{
"affected": [],
"aliases": [
"CVE-2012-0585"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-03-08T22:55:00Z",
"severity": "MODERATE"
},
"details": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.",
"id": "GHSA-9g46-7gm4-v6gc",
"modified": "2022-05-14T01:55:48Z",
"published": "2022-05-14T01:55:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0585"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/79964"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48288"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48377"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026774"
}
],
"schema_version": "1.4.0",
"severity": []
}
FKIE_CVE-2012-0585
Vulnerability from fkie_nvd - Published: 2012-03-08 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B150860-FC76-4DDC-9FEE-BC5D96D08751",
"versionEndExcluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method."
},
{
"lang": "es",
"value": "La funcionalidad de navegaci\u00f3n privada en Safari en Apple iOS antes de v5.1 permite a atacantes remotos saltarse la configuraci\u00f3n de privacidad e insertar entradas en el historial de navegaci\u00f3n a trav\u00e9s de c\u00f3digo Javascript que llama a los m\u00e9todos (1) pushState o (2) replaceState."
}
],
"id": "CVE-2012-0585",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-08T22:55:01.823",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/79964"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/48288"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/48377"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026774"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/79964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/48288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/48377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1026774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-201203-0033
Vulnerability from variot - Updated: 2023-12-18 10:49The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. Apple iOS for iPhone, iPod touch, and iPad is prone to multiple security vulnerabilities. These issues affect the following components: CFNetwork HFS Kernel Passcode Lock Safari Siri VPN Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A vulnerability exists in the Private Browsing functionality in Safari versions prior to Apple iOS 5.1. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed through an improved domain name validity check. This issue does not affect OS X systems. CVE-ID CVE-2012-0640 : nshah
WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3, Windows 7, Vista, XP SP2 or later Impact: HTTP authentication credentials may be inadvertently disclosed to another site Description: If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA48288
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE: 2012-03-09
DISCUSS ADVISORY: http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.
1) An error within the CFNetwork component when handling URLs can be exploited to disclose sensitive information by tricking the user into visiting a malicious website.
3) A logic error within the kernel does not properly handle debug system calls and can be exploited to bypass the sandbox restrictions.
4) An integer overflow error within the libresolv library when handling DNS resource records can be exploited to corrupt heap memory.
9) A cross-origin error in the WebKit component can be exploited to bypass the same-origin policy and disclose a cookie by tricking the user into visiting a malicious website.
10) An error within the WebKit component when handling drag-and-drop actions can be exploited to conduct cross-site scripting attacks.
11) Multiple unspecified errors within the WebKit component can be exploited to conduct cross-site scripting attacks.
12) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.
SOLUTION: Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Erling Ellingsen, Facebook. 2, 8) pod2g. 3) 2012 iOS Jailbreak Dream Team. 5) Roland Kohler, the German Federal Ministry of Economics and Technology. 6) Eric Melville, American Express. 9) Sergey Glazunov.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5192
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
iOS 5.1 Software Update is now available and addresses the following:
CFNetwork Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. CVE-ID CVE-2012-0641 : Erling Ellingsen of Facebook
HFS Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution Description: An integer underflow existed with the handling of HFS catalog files. CVE-ID CVE-2012-0642 : pod2g
Kernel Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. CVE-ID CVE-2012-0643 : 2012 iOS Jailbreak Dream Team
libresolv Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive
Passcode Lock Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen. CVE-ID CVE-2012-0644 : Roland Kohler of the German Federal Ministry of Economics and Technology
Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Web page visits may be recorded in browser history even when Private Browsing is active Description: Safari's Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active. CVE-ID CVE-2012-0585 : Eric Melville of American Express
Siri Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: An attacker with physical access to a locked phone could get access to frontmost email message Description: A design issue existed in Siri's lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen. CVE-ID CVE-2012-0645
VPN Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges Description: A format string vulnerability existed in the handling of racoon configuration files. CVE-ID CVE-2012-0646 : pod2g
WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of cookies Description: A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. CVE-ID CVE-2011-3887 : Sergey Glazunov
WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack Description: A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins. CVE-ID CVE-2012-0590 : Adam Barth of Google Chrome Security Team
WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: Multiple cross-origin issues existed in WebKit. CVE-ID CVE-2011-3881 : Sergey Glazunov CVE-2012-0586 : Sergey Glazunov CVE-2012-0587 : Sergey Glazunov CVE-2012-0588 : Jochen Eisinger of Google Chrome Team CVE-2012-0589 : Alan Austin of polyvore.com
WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-2833 : Apple CVE-2011-2846 : Arthur Gerkis, miaubiz CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP CVE-2011-2857 : miaubiz CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2867 : Dirk Schulze CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2877 : miaubiz CVE-2011-3885 : miaubiz CVE-2011-3888 : miaubiz CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative CVE-2011-3908 : Aki Helin of OUSPG CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2012-0591 : miaubiz, and Martin Barbella CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative CVE-2012-0593 : Lei Zhang of the Chromium development community CVE-2012-0594 : Adam Klein of the Chromium development community CVE-2012-0595 : Apple CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0597 : miaubiz CVE-2012-0598 : Sergey Glazunov CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google Chrome, miaubiz, Aki Helin of OUSPG, Apple CVE-2012-0601 : Apple CVE-2012-0602 : Apple CVE-2012-0603 : Apple CVE-2012-0604 : Apple CVE-2012-0605 : Apple CVE-2012-0606 : Apple CVE-2012-0607 : Apple CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0611 : Martin Barbella using AddressSanitizer CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0615 : Martin Barbella using AddressSanitizer CVE-2012-0616 : miaubiz CVE-2012-0617 : Martin Barbella using AddressSanitizer CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0621 : Martin Barbella using AddressSanitizer CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome Security Team CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0624 : Martin Barbella using AddressSanitizer CVE-2012-0625 : Martin Barbella CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0627 : Apple CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0630 : Sergio Villar Senin of Igalia CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using AddressSanitizer CVE-2012-0633 : Apple CVE-2012-0635 : Julien Chaffraix of the Chromium development community, Martin Barbella using AddressSanitizer
Installation note:
This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. We recommend applying the update immediately if possible.
The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. The version after applying this update will be "5.1".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq 4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90 HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6 7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY= =qPeE -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 (ipad and ipad 2)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 (iphone 3gs)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 (iphone 4)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 (iphone 4s)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1 (ipod touch (3rd generation) or later )"
},
{
"model": "ipad",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "iphone",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "ipod touch",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1-"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0-"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2-"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3-"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2-"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1-"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1-"
},
{
"model": "iphone ipodtouch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0-"
},
{
"model": "iphone iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0-"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "safari for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
}
],
"sources": [
{
"db": "BID",
"id": "52364"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0585"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Erling Ellingsen of Facebook, pod2g, 2012 iOS Jailbreak Dream Team, Roland Kohler of the German Federal Ministry of Economics and Technology, Eric Melville of American Express",
"sources": [
{
"db": "BID",
"id": "52364"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-196"
}
],
"trust": 0.9
},
"cve": "CVE-2012-0585",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-0585",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-53866",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-0585",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-091",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-53866",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53866"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. Apple iOS for iPhone, iPod touch, and iPad is prone to multiple security vulnerabilities. These issues affect the following components:\nCFNetwork\nHFS\nKernel\nPasscode Lock\nSafari\nSiri\nVPN\nSuccessfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A vulnerability exists in the Private Browsing functionality in Safari versions prior to Apple iOS 5.1. \nThese could be used in a malicious web site to direct the user to a\nspoofed site that visually appears to be a legitimate domain. This\nissue is addressed through an improved domain name validity check. \nThis issue does not affect OS X systems. \nCVE-ID\nCVE-2012-0640 : nshah\n\nWebKit\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7.3, OS X Lion Server v10.7.3, Windows 7, Vista,\nXP SP2 or later\nImpact: HTTP authentication credentials may be inadvertently\ndisclosed to another site\nDescription: If a site uses HTTP authentication and redirects to\nanother site, the authentication credentials may be sent to the other\nsite. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48288\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48288/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48288\n\nRELEASE DATE:\n2012-03-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48288/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48288/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48288\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and multiple vulnerabilities have been reported in Apple\niOS, which can be exploited by malicious people with physical access\nto bypass certain security restrictions and by malicious people to\ndisclose sensitive information, conduct cross-site scripting attacks,\nbypass certain security restrictions, and compromise a user\u0027s device. \n\n1) An error within the CFNetwork component when handling URLs can be\nexploited to disclose sensitive information by tricking the user into\nvisiting a malicious website. \n\n3) A logic error within the kernel does not properly handle debug\nsystem calls and can be exploited to bypass the sandbox\nrestrictions. \n\n4) An integer overflow error within the libresolv library when\nhandling DNS resource records can be exploited to corrupt heap\nmemory. \n\n9) A cross-origin error in the WebKit component can be exploited to\nbypass the same-origin policy and disclose a cookie by tricking the\nuser into visiting a malicious website. \n\n10) An error within the WebKit component when handling drag-and-drop\nactions can be exploited to conduct cross-site scripting attacks. \n\n11) Multiple unspecified errors within the WebKit component can be\nexploited to conduct cross-site scripting attacks. \n\n12) Some vulnerabilities are caused due to a bundled vulnerable\nversion of WebKit. \n\nSOLUTION:\nApply iOS 5.1 Software Update. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Erling Ellingsen, Facebook. \n2, 8) pod2g. \n3) 2012 iOS Jailbreak Dream Team. \n5) Roland Kohler, the German Federal Ministry of Economics and\nTechnology. \n6) Eric Melville, American Express. \n9) Sergey Glazunov. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT5192\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-03-07-2 iOS 5.1 Software Update\n\niOS 5.1 Software Update is now available and addresses the following:\n\nCFNetwork\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nunexpected request headers. \nCVE-ID\nCVE-2012-0641 : Erling Ellingsen of Facebook\n\nHFS\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Mounting a maliciously crafted disk image may lead to a\ndevice shutdown or arbitrary code execution\nDescription: An integer underflow existed with the handling of HFS\ncatalog files. \nCVE-ID\nCVE-2012-0642 : pod2g\n\nKernel\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: A malicious program could bypass sandbox restrictions\nDescription: A logic issue existed in the handling of debug system\ncalls. This may allow a malicious program to gain code execution in\nother programs with the same user privileges. \nCVE-ID\nCVE-2012-0643 : 2012 iOS Jailbreak Dream Team\n\nlibresolv\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Applications that use the libresolv library may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow existed in the handling of DNS\nresource records, which may lead to heap memory corruption. \nCVE-ID\nCVE-2011-3453 : Ilja van Sprundel of IOActive\n\nPasscode Lock\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: A person with physical access to the device may be able to\nbypass the screen lock\nDescription: A race condition issue existed in the handling of slide\nto dial gestures. This may allow a person with physical access to the\ndevice to bypass the Passcode Lock screen. \nCVE-ID\nCVE-2012-0644 : Roland Kohler of the German Federal Ministry of\nEconomics and Technology\n\nSafari\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Web page visits may be recorded in browser history even when\nPrivate Browsing is active\nDescription: Safari\u0027s Private Browsing is designed to prevent\nrecording of a browsing session. Pages visited as a result of a site\nusing the JavaScript methods pushState or replaceState were recorded\nin the browser history even when Private Browsing mode was active. \nThis issue is addressed by not recording such visits when Private\nBrowsing is active. \nCVE-ID\nCVE-2012-0585 : Eric Melville of American Express\n\nSiri\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: An attacker with physical access to a locked phone could get\naccess to frontmost email message\nDescription: A design issue existed in Siri\u0027s lock screen\nrestrictions. If Siri was enabled for use on the lock screen, and\nMail was open with a message selected behind the lock screen, a voice\ncommand could be used to send that message to an arbitrary recipient. \nThis issue is addressed by disabling forwarding of active messages\nfrom the lock screen. \nCVE-ID\nCVE-2012-0645\n\nVPN\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: A maliciously crafted system configuration file may lead to\narbitrary code execution with system privileges\nDescription: A format string vulnerability existed in the handling\nof racoon configuration files. \nCVE-ID\nCVE-2012-0646 : pod2g\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of cookies\nDescription: A cross-origin issue existed in WebKit, which may allow\ncookies to be disclosed across origins. \nCVE-ID\nCVE-2011-3887 : Sergey Glazunov\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website and dragging content\nwith the mouse may lead to a cross-site scripting attack\nDescription: A cross-origin issue existed in WebKit, which may allow\ncontent to be dragged and dropped across origins. \nCVE-ID\nCVE-2012-0590 : Adam Barth of Google Chrome Security Team\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: Multiple cross-origin issues existed in WebKit. \nCVE-ID\nCVE-2011-3881 : Sergey Glazunov\nCVE-2012-0586 : Sergey Glazunov\nCVE-2012-0587 : Sergey Glazunov\nCVE-2012-0588 : Jochen Eisinger of Google Chrome Team\nCVE-2012-0589 : Alan Austin of polyvore.com\n\nWebKit\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\niPod touch (3rd generation) and later, iPad, iPad 2\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nCVE-ID\nCVE-2011-2825 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-2833 : Apple\nCVE-2011-2846 : Arthur Gerkis, miaubiz\nCVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome\nSecurity Team using AddressSanitizer\nCVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense\nVCP\nCVE-2011-2857 : miaubiz\nCVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2867 : Dirk Schulze\nCVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2869 : Cris Neckar of Google Chrome Security Team using\nAddressSanitizer\nCVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google\nChrome Security Team using AddressSanitizer\nCVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2011-2877 : miaubiz\nCVE-2011-3885 : miaubiz\nCVE-2011-3888 : miaubiz\nCVE-2011-3897 : pa_kt working with TippingPoint\u0027s Zero Day Initiative\nCVE-2011-3908 : Aki Helin of OUSPG\nCVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu\nCVE-2011-3928 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2012-0591 : miaubiz, and Martin Barbella\nCVE-2012-0592 : Alexander Gavrun working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2012-0593 : Lei Zhang of the Chromium development community\nCVE-2012-0594 : Adam Klein of the Chromium development community\nCVE-2012-0595 : Apple\nCVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0597 : miaubiz\nCVE-2012-0598 : Sergey Glazunov\nCVE-2012-0599 : Dmytro Gorbunov of SaveSources.com\nCVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google\nChrome, miaubiz, Aki Helin of OUSPG, Apple\nCVE-2012-0601 : Apple\nCVE-2012-0602 : Apple\nCVE-2012-0603 : Apple\nCVE-2012-0604 : Apple\nCVE-2012-0605 : Apple\nCVE-2012-0606 : Apple\nCVE-2012-0607 : Apple\nCVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer\nCVE-2012-0611 : Martin Barbella using AddressSanitizer\nCVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer\nCVE-2012-0615 : Martin Barbella using AddressSanitizer\nCVE-2012-0616 : miaubiz\nCVE-2012-0617 : Martin Barbella using AddressSanitizer\nCVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0621 : Martin Barbella using AddressSanitizer\nCVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome\nSecurity Team\nCVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0624 : Martin Barbella using AddressSanitizer\nCVE-2012-0625 : Martin Barbella\nCVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam using AddressSanitizer\nCVE-2012-0627 : Apple\nCVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of\nGoogle Chrome Security Team using AddressSanitizer\nCVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2012-0630 : Sergio Villar Senin of Igalia\nCVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using\nAddressSanitizer\nCVE-2012-0633 : Apple\nCVE-2012-0635 : Julien Chaffraix of the Chromium development\ncommunity, Martin Barbella using AddressSanitizer\n\n\nInstallation note:\n\nThis update is only available through iTunes, and will not appear\nin your computer\u0027s Software Update application, or in the Apple\nDownloads site. Make sure you have an Internet connection and have\ninstalled the latest version of iTunes from www.apple.com/itunes/\n\niTunes will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it will download it. We recommend applying\nthe update immediately if possible. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes checks for updates. You may manually obtain the\nupdate via the Check for Updates button within iTunes. The version after applying this update will be \"5.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq\n4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM\nbCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY\nRDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90\nHAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6\n7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY=\n=qPeE\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"db": "BID",
"id": "52364"
},
{
"db": "VULHUB",
"id": "VHN-53866"
},
{
"db": "PACKETSTORM",
"id": "110716"
},
{
"db": "PACKETSTORM",
"id": "110650"
},
{
"db": "PACKETSTORM",
"id": "110591"
},
{
"db": "PACKETSTORM",
"id": "110779"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0585",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "48377",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "48288",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "79964",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1026774",
"trust": 1.1
},
{
"db": "BID",
"id": "52364",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-091",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201203-196",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2012-03-07-2",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19064",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-53866",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110716",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110591",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110779",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53866"
},
{
"db": "BID",
"id": "52364"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"db": "PACKETSTORM",
"id": "110716"
},
{
"db": "PACKETSTORM",
"id": "110650"
},
{
"db": "PACKETSTORM",
"id": "110591"
},
{
"db": "PACKETSTORM",
"id": "110779"
},
{
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-196"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
]
},
"id": "VAR-201203-0033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-53866"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:49:49.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5190",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5190"
},
{
"title": "HT5192",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht5192"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53866"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"db": "NVD",
"id": "CVE-2012-0585"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/mar/msg00001.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2012/mar/msg00003.html"
},
{
"trust": 1.1,
"url": "http://osvdb.org/79964"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1026774"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48288"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48377"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73871"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0585"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu341747"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu428075/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0585"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/52364"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19064"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2867"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2872"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2877"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2871"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2869"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0585"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2860"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3885"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3928"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2873"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2870"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2847"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2868"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2855"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2825"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2854"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3908"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0586"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3881"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3909"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2833"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2846"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0584"
},
{
"trust": 0.1,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2866"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48288/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48288"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48288/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht5192"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3453"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0587"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht5190"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48377/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48377/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48377"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53866"
},
{
"db": "BID",
"id": "52364"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"db": "PACKETSTORM",
"id": "110716"
},
{
"db": "PACKETSTORM",
"id": "110650"
},
{
"db": "PACKETSTORM",
"id": "110591"
},
{
"db": "PACKETSTORM",
"id": "110779"
},
{
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-196"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-53866"
},
{
"db": "BID",
"id": "52364"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"db": "PACKETSTORM",
"id": "110716"
},
{
"db": "PACKETSTORM",
"id": "110650"
},
{
"db": "PACKETSTORM",
"id": "110591"
},
{
"db": "PACKETSTORM",
"id": "110779"
},
{
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-196"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-53866"
},
{
"date": "2012-03-08T00:00:00",
"db": "BID",
"id": "52364"
},
{
"date": "2012-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"date": "2012-03-13T00:58:40",
"db": "PACKETSTORM",
"id": "110716"
},
{
"date": "2012-03-11T05:32:13",
"db": "PACKETSTORM",
"id": "110650"
},
{
"date": "2012-03-08T22:23:23",
"db": "PACKETSTORM",
"id": "110591"
},
{
"date": "2012-03-14T05:16:27",
"db": "PACKETSTORM",
"id": "110779"
},
{
"date": "2012-03-08T22:55:01.823000",
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"date": "2012-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-196"
},
{
"date": "2012-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-53866"
},
{
"date": "2012-09-20T17:10:00",
"db": "BID",
"id": "52364"
},
{
"date": "2012-03-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001667"
},
{
"date": "2018-11-29T14:43:16.140000",
"db": "NVD",
"id": "CVE-2012-0585"
},
{
"date": "2012-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-196"
},
{
"date": "2012-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote \u203b local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products Safari Vulnerability that bypasses privacy settings in the private browsing function inside",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001667"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-091"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…