CVE-2013-3955

Name of the Vulnerable Software and Affected Versions Apple iOS versions 5.x through 6.1.3

Description The issue is related to the get xattrinfo function in the XNU kernel, which does not properly validate the header of an AppleDouble file. This could allow local users to cause a denial of service, potentially resulting in memory corruption, or have other unspecified impacts by using an invalid file on an msdosfs filesystem.

Recommendations For Apple iOS versions 5.x through 6.1.3, consider restricting access to msdosfs filesystems to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using invalid AppleDouble files on affected devices.