Information disclosure in Apple iOS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Apple iOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU15913
Risk: Low
CVSSv3.1: 2.4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a physical attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in JIT in the web browser followed by an out-of-bounds access. A physical attacker can gain out-of-bounds read and write for sandbox escape and escalation and exfiltrate data from the device.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsApple iOS: 12.1 16B92
External linkshttp://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
