CVE-2012-3738

LOW

Description

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.

References

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://osvdb.org/85620

http://support.apple.com/kb/HT5503

Details

Source: MITRE

Published: 2012-09-20

Updated: 2013-03-26

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW