Vulnerability-Lookup

CVE-2013-5161 (GCVE-0-2013-5161)

Vulnerability from cvelistv5 – Published: 2013-09-28 01:00 – Updated: 2024-09-16 19:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

GSD-2013-5161

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-5161

Aliases

CVE-2013-5161

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5161",
    "description": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.",
    "id": "GSD-2013-5161"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5161"
      ],
      "details": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.",
      "id": "GSD-2013-5161",
      "modified": "2023-12-13T01:22:21.482914Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2013-5161",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT5957",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5957"
          },
          {
            "name": "APPLE-SA-2013-09-26-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-5161"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2013-09-26-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5957",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT5957"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-07T20:53Z",
      "publishedDate": "2013-09-28T03:40Z"
    }
  }
}

FKIE_CVE-2013-5161

Vulnerability from fkie_nvd - Published: 2013-09-28 03:40 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT5957	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5957	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*
	apple	iphone_os	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5D1F01-0A62-4564-A68A-48BCEF980D99",
              "versionEndIncluding": "7.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors."
    },
    {
      "lang": "es",
      "value": "El c\u00f3digo de bloqueo en Apple iOS anterior a la versi\u00f3n 7.0.2 no gestiona adecuadamente el estado de bloqueo, lo que permite f\u00edsicamente a atacantes pr\u00f3ximos evitar el c\u00f3digo de acceso, abrir la aplicaci\u00f3n de la c\u00e1mara o leer la lista de todas las aplicaciones recientes, mediante el aprovechamiento de errores de transici\u00f3n no especificados."
    }
  ],
  "id": "CVE-2013-5161",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-28T03:40:55.433",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5957"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MG2J-64FV-PQ52

Vulnerability from github – Published: 2022-05-17 05:02 – Updated: 2022-05-17 05:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5161"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-09-28T03:40:00Z",
    "severity": "MODERATE"
  },
  "details": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.",
  "id": "GHSA-mg2j-64fv-pq52",
  "modified": "2022-05-17T05:02:52Z",
  "published": "2022-05-17T05:02:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5161"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5957"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201309-0401

Vulnerability from variot - Updated: 2025-04-11 23:04

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. there is a possibility. Apple iOS is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices. An attacker with physical access to a locked device can leverage this issue to bypass the lock screen and gain unauthorized access to the device's application, thereby disclosing sensitive information. Apple iOS 7 is vulnerable; other versions may also be affected. The vulnerability stems from the program not properly managing the locking state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2013-09-26-1 iOS 7.0.2

iOS 7.0.2 is now available and addresses the following:

Passcode Lock Available for: iPhone 4 and later Impact: A person with physical access to the device may be able to make calls to any number Description: A NULL dereference existed in the lock screen which would cause it to restart if the emergency call button was tapped repeatedly. While the lock screen was restarting, the call dialer could not get the lock screen state and assumed the device was unlocked, and so allowed non-emergency numbers to be dialed. This issue was addressed by avoiding the NULL dereference. CVE-ID CVE-2013-5160 : Karam Daoud of PART - Marketing & Business Development, Andrew Chung, Mariusz Rysz

Passcode Lock Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see recently used apps, see, edit, and share photos Description: The list of apps you opened could be accessed during some transitions while the device was locked, and the Camera app could be opened while the device was locked. CVE-ID CVE-2013-5161 : videosdebarraquito

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "7.0.2".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJSQ2o5AAoJEPefwLHPlZEwmj8P/04PIEJuGhf8hv/IdYIHMLol chQHK/MXigk+aH9BriQbFpqAyByqyh9x4+6hJeywWdtF7u6SzfbRgBNoPWEZw0d8 VrtVBMi2VeNRTxOJWV+rivA7xA2doxkLSIILHzDVenj8JeNO87q85KsrhRmzmeaa jUojdE9o/0OGjjF1WuDM4UDGx/TzhpUoqzFR1hSP41g87xsYp/gRTV/R3821lxG6 8sUSeJ4l8qHFQKIUPAxJaSie8JbbK8Yeturix6sMCvYZdougtd7oMV5TxJVZXbC1 ePZUvhfVwuD7y5bFx2VKYvci5oFMgOlNyFZMDrkpM8BF2UsfEmvoHQPLwzYSdXXs 5wY/nwbuKm57Wq8PH0H3hyt4ycH0YB1YqxtY8oPjREJioA6mLHNGs70HFHvf+zjW 7ukGnI7c2efMMjoM0+UCmo03/5Wh8ji0tjrDjvM3gybm8keXH/cZPF13/kihXrs/ M6QVgWWjCO/IqhUh4MGDWzfzCqg+hlNJLAR/r1TocuDb4/NWj/nI2FHIoDIsNYjR XZ9qw0sIqsTF3nqf3zKhxEtXENEpSnGR7xGJ6xjcy8BCobHn81m7XKpnQFaNBido C669zPmyF0B6W0LiRmwvCp0Z6ielE0Tu3f9jsikOT/NUEqGFPtBhqR238G1rmHzH 6vDxXI1d8H2uZqoShAaZ =Nryx -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0401",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.0.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.0.2   (iphone 4 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.0.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jose Rodriguez",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2013-5161",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2013-5161",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-65163",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5161",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5161",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201309-441",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65163",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. there is a possibility. Apple iOS is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices. \nAn attacker with physical access to a locked device can leverage  this  issue to bypass the lock screen and gain unauthorized access to the   device\u0027s application, thereby disclosing sensitive information. \nApple iOS 7 is vulnerable; other versions may also be affected. The vulnerability stems from the program not properly managing the locking state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-09-26-1 iOS 7.0.2\n\niOS 7.0.2 is now available and addresses the following:\n\nPasscode Lock\nAvailable for:  iPhone 4 and later\nImpact:  A person with physical access to the device may be able to\nmake calls to any number\nDescription:  A NULL dereference existed in the lock screen which\nwould cause it to restart if the emergency call button was tapped\nrepeatedly. While the lock screen was restarting, the call dialer\ncould not get the lock screen state and assumed the device was\nunlocked, and so allowed non-emergency numbers to be dialed. This\nissue was addressed by avoiding the NULL dereference. \nCVE-ID\nCVE-2013-5160 : Karam Daoud of PART - Marketing \u0026 Business\nDevelopment, Andrew Chung, Mariusz Rysz\n\nPasscode Lock\nAvailable for:  iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nsee recently used apps, see, edit, and share photos\nDescription:  The list of apps you opened could be accessed during\nsome transitions while the device was locked, and the Camera app\ncould be opened while the device was locked. \nCVE-ID\nCVE-2013-5161 : videosdebarraquito\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"7.0.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJSQ2o5AAoJEPefwLHPlZEwmj8P/04PIEJuGhf8hv/IdYIHMLol\nchQHK/MXigk+aH9BriQbFpqAyByqyh9x4+6hJeywWdtF7u6SzfbRgBNoPWEZw0d8\nVrtVBMi2VeNRTxOJWV+rivA7xA2doxkLSIILHzDVenj8JeNO87q85KsrhRmzmeaa\njUojdE9o/0OGjjF1WuDM4UDGx/TzhpUoqzFR1hSP41g87xsYp/gRTV/R3821lxG6\n8sUSeJ4l8qHFQKIUPAxJaSie8JbbK8Yeturix6sMCvYZdougtd7oMV5TxJVZXbC1\nePZUvhfVwuD7y5bFx2VKYvci5oFMgOlNyFZMDrkpM8BF2UsfEmvoHQPLwzYSdXXs\n5wY/nwbuKm57Wq8PH0H3hyt4ycH0YB1YqxtY8oPjREJioA6mLHNGs70HFHvf+zjW\n7ukGnI7c2efMMjoM0+UCmo03/5Wh8ji0tjrDjvM3gybm8keXH/cZPF13/kihXrs/\nM6QVgWWjCO/IqhUh4MGDWzfzCqg+hlNJLAR/r1TocuDb4/NWj/nI2FHIoDIsNYjR\nXZ9qw0sIqsTF3nqf3zKhxEtXENEpSnGR7xGJ6xjcy8BCobHn81m7XKpnQFaNBido\nC669zPmyF0B6W0LiRmwvCp0Z6ielE0Tu3f9jsikOT/NUEqGFPtBhqR238G1rmHzH\n6vDxXI1d8H2uZqoShAaZ\n=Nryx\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "db": "BID",
        "id": "62579"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "db": "PACKETSTORM",
        "id": "123427"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5161",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "62579",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2013-09-26-1",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-61052",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-65163",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "123427",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "db": "BID",
        "id": "62579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "db": "PACKETSTORM",
        "id": "123427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "id": "VAR-201309-0401",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65163"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T23:04:04.479000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-09-26-1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html"
      },
      {
        "title": "HT5957",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5957"
      },
      {
        "title": "HT5957",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5957?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00009.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht5957"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5161"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5161"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/62579"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5161"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5160"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "db": "BID",
        "id": "62579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "db": "PACKETSTORM",
        "id": "123427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "db": "BID",
        "id": "62579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "db": "PACKETSTORM",
        "id": "123427"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "date": "2013-09-19T00:00:00",
        "db": "BID",
        "id": "62579"
      },
      {
        "date": "2013-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "date": "2013-09-27T22:28:33",
        "db": "PACKETSTORM",
        "id": "123427"
      },
      {
        "date": "2013-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      },
      {
        "date": "2013-09-28T03:40:55.433000",
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65163"
      },
      {
        "date": "2013-09-28T00:13:00",
        "db": "BID",
        "id": "62579"
      },
      {
        "date": "2013-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      },
      {
        "date": "2013-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-5161"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "62579"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS Vulnerabilities that bypass the passcode requirement in passcode lock",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004352"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-441"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2013-AVI-547

Vulnerability from certfr_avis - Published: 2013-09-27 - Updated: 2013-09-27

De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Apple iOS 7.0.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-5161 (GCVE-0-2013-5161)

GSD-2013-5161

FKIE_CVE-2013-5161

GHSA-MG2J-64FV-PQ52

VAR-201309-0401

CERTA-2013-AVI-547

Solution

Tags

Sightings

Nomenclature