CVE-2010-2973

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:17

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html - () http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html -
References () http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html - () http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html -
References () http://osvdb.org/66827 - () http://osvdb.org/66827 -
References () http://secunia.com/advisories/40807 - Vendor Advisory () http://secunia.com/advisories/40807 - Vendor Advisory
References () http://support.apple.com/kb/HT4291 - () http://support.apple.com/kb/HT4291 -
References () http://support.apple.com/kb/HT4292 - () http://support.apple.com/kb/HT4292 -
References () http://www.exploit-db.com/exploits/14538 - Exploit () http://www.exploit-db.com/exploits/14538 - Exploit
References () http://www.securityfocus.com/bid/42151 - () http://www.securityfocus.com/bid/42151 -

Information

Published : 2010-08-05 18:17

Updated : 2024-11-21 01:17


NVD link : CVE-2010-2973

Mitre link : CVE-2010-2973

CVE.ORG link : CVE-2010-2973


JSON object : View

Products Affected

apple

  • ipad
  • iphone_os
  • ipod_touch
CWE
CWE-264

Permissions, Privileges, and Access Controls