The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html | Vendor Advisory |
http://support.apple.com/kb/HT5503 | Vendor Advisory |
http://osvdb.org/85620 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-09-20 14:55
Updated : 2013-03-25 20:37
NVD link : CVE-2012-3738
Mitre link : CVE-2012-3738
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
apple
- iphone_os