List: full-disclosure
Subject: [FD] Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
From: Vulnerability Lab <research () vulnerability-lab ! com>
Date: 2017-04-28 10:21:59
Message-ID: 93bcafa0-b559-cabf-05cc-d19059912e17 () vulnerability-lab ! com
Document Title:
===============
Apple iOS 10.3 - Control Panel Denial of Service Vulnerability
References:
===========
https://www.vulnerability-lab.com/get_content.php?id=2059
Video: https://www.youtube.com/watch?v=MSscCLATxPQ
Release Date:
=============
2017-04-27
Vulnerability Laboratory ID (VL-ID):
====================================
2059
Common Vulnerability Scoring System:
====================================
3.3
Vulnerability Class:
====================
Denial of Service
Discovery Status:
=================
Published
Exploitation Technique:
=======================
Local
Severity Level:
===============
Medium
Technical Details & Description:
================================
The control panel of iOS 10.2 and iOS 10.3 has a vulnerability in its memory
management. If an attacker interacts with multiple applications through the control
panel in the same time interval, the mobile device crashes. The video was recorded in the
vulnerability laboratory environment after the disclosure of the vulnerability. The issue leads
to a permanent iDevice freeze or a reboot loop after the application crashes on app hangs.
Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - (https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab)
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty.
Vulnerability Lab disclaims all warranties, either expressed or implied, including the
warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its
suppliers are not liable in any case of damage, including direct, indirect, incidental,
consequential loss of business profits or special damages, even if Vulnerability Labs or its
suppliers have been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability mainly for incidental or consequential damages so the
foregoing limitation may not apply. We do not approve or encourage anybody to break any
licenses, policies, deface websites, hack into databases or trade with stolen data. We have no
need for criminal activities or membership requests. We do not publish advisories or
vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or
individuals. We do not publish trade researcher mails, phone numbers, conversations or
anything else to journalists, investigative authorities or private individuals.
Domains: www.vulnerability-lab.com - www.vulnerability-db.com - www.evolution-sec.com
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Any modified copy or reproduction, including partial usages, of this file, resources or
information requires authorization from Vulnerability Laboratory. Permission to electronically
redistribute this alert in its unmodified form is granted. All other rights, including the use
of other media, are reserved by Vulnerability Lab Research Team or its suppliers. All
pictures, texts, advisories, source code, videos and other information on this website are
trademarks of vulnerability-lab team & the specific authors or managers. To record, list,
modify, use or edit our material contact (admin@) to ask for permission.
Copyright © 2017 | Vulnerability Laboratory - [Evolution Security GmbH]™
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/