| Vulnerability Name: | CVE-2010-2973 (CCN-60857) | ||||||||
| Assigned: | 2010-08-02 | ||||||||
| Published: | 2010-08-02 | ||||||||
| Updated: | 2022-08-09 | ||||||||
| Summary: | Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2010-2973 Source: APPLE Type: UNKNOWN APPLE-SA-2010-08-11-1 Source: APPLE Type: UNKNOWN APPLE-SA-2010-08-11-2 Source: OSVDB Type: UNKNOWN 66827 Source: CCN Type: SA40807 Apple iOS Security Bypass and PDF File Processing Vulnerability Source: SECUNIA Type: Vendor Advisory 40807 Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4291 Source: CONFIRM Type: UNKNOWN http://support.apple.com/kb/HT4292 Source: CCN Type: Apple Web site Apple - iPhone - New features in the iOS 4 Software Update Source: CCN Type: iPhone Web Site iOS 4.0.1 Software Update Source: EXPLOIT-DB Type: Exploit 14538 Source: CCN Type: OSVDB ID: 66827 Apple iOS Kernel Unspecified Local Privilege Escalation Source: BID Type: UNKNOWN 42151 Source: CCN Type: BID-42151 Apple iOS for iPhone/iPad/iPod touch Privilege Escalation Vulnerability Source: XF Type: UNKNOWN appleios-kernel-privilege-escalation(60857) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||