CVE-2010-2973

Published: Aug 5, 2010Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.

Affected (6)

Products: Apple: Iphone Os

Apple

1 product

Iphone Os

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0

Running on/with	Platform Versions
Apple Iphone Os	All versions

Configuration B

1 platform

Running on/with	Platform Versions
Apple Ipad	All versions

Configuration C

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0
Apple Iphone Os	Version 4.0

Running on/with	Platform Versions
Apple Ipod Touch	All versions

Related CWEs

CWE-264

References (16)

http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html

Source: cve@mitre.org

http://osvdb.org/66827

Source: cve@mitre.org

http://secunia.com/advisories/40807

Source: cve@mitre.org

Vendor Advisory

http://support.apple.com/kb/HT4291

Source: cve@mitre.org

http://support.apple.com/kb/HT4292

Source: cve@mitre.org

http://www.exploit-db.com/exploits/14538

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/42151

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html