Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
BID:50641
Info
Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
| Bugtraq ID: | 50641 |
| Class: | Design Error |
| CVE: |
CVE-2011-3441 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 10 2011 12:00AM |
| Updated: | Feb 02 2012 12:50AM |
| Credit: | <br>Erling Ellingsen of Facebook and Per Johansson of Blocket AB. |
| Vulnerable: |
Apple Mac Os X Server 10.7.2 Apple Mac Os X Server 10.7.1 Apple Mac Os X Server 10.7 Apple Mac Os X 10.7.2 Apple Mac Os X 10.7.1 Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 beta Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 |
| Not Vulnerable: |
Apple Mac Os X Server 10.7.3 Apple Mac Os X 10.7.3 Apple iOS 5.0.1 |
Discussion
Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
Apple iOS is prone to an information-disclosure vulnerability that affects the Libinfo component.
An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.
The following Apple systems are vulnerable:
iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S
iOS 3.1 through 5.0 for iPod touch (3rd generation) and late
iOS 3.2 through 5.0 for iPad
iOS 4.3 through 5.0 for iPad
Apple iOS is prone to an information-disclosure vulnerability that affects the Libinfo component.
An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.
The following Apple systems are vulnerable:
iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S
iOS 3.1 through 5.0 for iPod touch (3rd generation) and late
iOS 3.2 through 5.0 for iPad
iOS 4.3 through 5.0 for iPad
Exploit / POC
Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted site.
An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted site.
Solution / Fix
Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
Apple Mac Os X Server 10.7.2
Apple Mac Os X 10.7.1
Apple Mac Os X 10.7.2
Apple Mac Os X Server 10.7
Apple Mac Os X Server 10.7.1
Solution:
Vendor updates are available. Please see the references for more information.
Apple Mac Os X Server 10.7.2
-
Apple MacOSXServerUpd10.7.3.dmg
For OS X Lion Server v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X 10.7.1
-
Apple MacOSXUpdCombo10.7.3.dmg
For OS X Lion v10.7 and v10.7.1
http://www.apple.com/support/downloads/
Apple Mac Os X 10.7.2
-
Apple MacOSXUpd10.7.3.dmg
For OS X Lion v10.7.2
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.7
-
Apple MacOSXServerUpdCombo10.7.3.dmg
For OS X Lion Server v10.7 and v10.7.1
http://www.apple.com/support/downloads/
Apple Mac Os X Server 10.7.1
-
Apple MacOSXServerUpdCombo10.7.3.dmg
For OS X Lion Server v10.7 and v10.7.1
http://www.apple.com/support/downloads/
References
Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
References:
References:
- Apple iOS Homepage (Apple)