CVE-2013-0964: Input Validation
First published: Tue Jan 29 2013(Updated: )
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <=5.1.1 | |
| tvOS | =1.0.0 | |
| tvOS | =1.1.0 | |
| tvOS | =2.0.0 | |
| tvOS | =2.0.1 | |
| tvOS | =2.0.2 | |
| tvOS | =2.1.0 | |
| tvOS | =2.2.0 | |
| tvOS | =2.3.0 | |
| tvOS | =2.3.1 | |
| tvOS | =2.4.0 | |
| tvOS | =3.0.0 | |
| tvOS | =3.0.1 | |
| tvOS | =3.0.2 | |
| tvOS | =4.1.0 | |
| tvOS | =4.1.1 | |
| tvOS | =4.2.0 | |
| tvOS | =4.2.1 | |
| tvOS | =4.2.2 | |
| tvOS | =4.3.0 | |
| tvOS | =4.4.0 | |
| tvOS | =4.4.2 | |
| tvOS | =4.4.3 | |
| tvOS | =4.4.4 | |
| tvOS | =5.0.0 | |
| tvOS | =5.0.1 | |
| tvOS | =5.0.2 | |
| tvOS | =5.1.0 | |
| iStyle @cosme iPhone OS | <=6.0.2 | |
| iStyle @cosme iPhone OS | =6.0 | |
| iStyle @cosme iPhone OS | =6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-0964?
The severity of CVE-2013-0964 is considered moderate as it allows local users to bypass pointer restrictions.
How do I fix CVE-2013-0964?
To fix CVE-2013-0964, update your Apple iOS or tvOS devices to the latest versions that address this vulnerability.
What devices are affected by CVE-2013-0964?
CVE-2013-0964 affects Apple iOS devices prior to version 6.1 and Apple TV devices prior to version 5.2.
Can CVE-2013-0964 be exploited remotely?
CVE-2013-0964 cannot be exploited remotely as it requires local access to the vulnerable device.
What types of vulnerabilities does CVE-2013-0964 involve?
CVE-2013-0964 involves kernel memory access vulnerabilities due to improper validation of copyin and copyout arguments.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/tvos
- version/tvos/5.1.1
- version/tvos/1.0.0
- version/tvos/1.1.0
- version/tvos/2.0.0
- version/tvos/2.0.1
- version/tvos/2.0.2
- version/tvos/2.1.0
- version/tvos/2.2.0
- version/tvos/2.3.0
- version/tvos/2.3.1
- version/tvos/2.4.0
- version/tvos/3.0.0
- version/tvos/3.0.1
- version/tvos/3.0.2
- version/tvos/4.1.0
- version/tvos/4.1.1
- version/tvos/4.2.0
- version/tvos/4.2.1
- version/tvos/4.2.2
- version/tvos/4.3.0
- version/tvos/4.4.0
- version/tvos/4.4.2
- version/tvos/4.4.3
- version/tvos/4.4.4
- version/tvos/5.0.0
- version/tvos/5.0.1
- version/tvos/5.0.2
- version/tvos/5.1.0
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/6.0.2
- version/istyle @cosme iphone os/6.0
- version/istyle @cosme iphone os/6.0.1