CVE-2013-3951: Input Validation
First published: Wed Jun 05 2013(Updated: )
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iStyle @cosme iPhone OS | <=8.2 | |
| Apple iOS and macOS | <=10.10.4 | |
| Apple iOS, iPadOS, and watchOS | <=1.0.1 | |
| iStyle @cosme iPhone OS | =6.1.3 | |
| Apple iOS and macOS | =10.8.0 | |
| Apple iOS and macOS | =10.8.1 | |
| Apple iOS and macOS | =10.8.2 | |
| Apple iOS and macOS | =10.8.3 | |
| Apple iOS and macOS | =10.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.securitytracker.com/id/1033703
- http://www.syscan.org/index.php/sg/program/day/2
- https://support.apple.com/HT205212
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267
Frequently Asked Questions
What is the severity of CVE-2013-3951?
CVE-2013-3951 is rated as a high-severity vulnerability due to its potential to allow local users to bypass stack protection mechanisms.
How do I fix CVE-2013-3951?
To fix CVE-2013-3951, it is recommended to update to the latest version of Apple iOS, macOS, or watchOS that addresses this vulnerability.
What areas are affected by CVE-2013-3951?
CVE-2013-3951 affects Apple iOS versions up to 8.2, macOS versions up to 10.10.4, and watchOS versions up to 1.0.1.
Who is at risk from CVE-2013-3951?
Local users on affected Apple devices are at risk from CVE-2013-3951 as it allows exploitation of the security feature related to stack cookies.
What type of vulnerabilities does CVE-2013-3951 fall under?
CVE-2013-3951 falls under local privilege escalation vulnerabilities due to improper implementation of stack cookie protections.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/8.2
- canonical/apple ios and macos
- version/apple ios and macos/10.10.4
- canonical/apple ios, ipados, and watchos
- version/apple ios, ipados, and watchos/1.0.1
- version/istyle @cosme iphone os/6.1.3
- version/apple ios and macos/10.8.0
- version/apple ios and macos/10.8.1
- version/apple ios and macos/10.8.2
- version/apple ios and macos/10.8.3
- version/apple ios and macos/10.8.4