CVE-2012-3749 Information

Description

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://secunia.com/advisories/51445 http://support.apple.com/kb/HT5567 http://support.apple.com/kb/HT5598 http://www.securityfocus.com/bid/56361