OSVDB ID: 85626

Title: Apple iOS Mail Attachment Handling Identical Content-ID Attachment Display Weakness

Info

Disclosure

Sep 19, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 19, 2012

Description

Apple iOS contains a flaw that is triggered when Mail improperly reuses Content-ID header values. This may cause the contents of an attachment from a previous email message that has the same Content-ID as an attachment from a later email message to be displayed in its place.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc.

Apple iOS

5.1.1

References

Security Tracker: 1027552
CVE ID: 2012-3730 (see also: NVD)
Secunia Advisory ID: 50586
Related OSVDB ID: 85620 85621 85622 85623 85624 85625 85627 85628 85629 85630 85631 85632 85633 85634 85635 85636 85637 85638 85639 85640 85641 85642 85643
Vendor Specific Advisory URL: http://support.apple.com/kb/HT5503

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85626