VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 19, 2011· Updated Apr 29, 2026

CVE-2011-0227

CVE-2011-0227

Description

The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper type conversion in IOMobileFrameBuffer queueing primitives on iOS allows a local, crafted application to gain system privileges before versions 4.2.9 and 4.3.4.

Vulnerability

The queueing primitives in IOMobileFrameBuffer on Apple iOS contain an improper type conversion flaw. This vulnerability affects iOS versions before 4.2.9 (for iPhone 4 CDMA models) and iOS 4.3.x before 4.3.4 (for iPhone 3GS, iPhone 4 GSM, iPod touch 3rd generation and later, and iPad). The bug resides in the kernel extension responsible for frame buffer management, allowing a crafted application to trigger the type confusion.

Exploitation

An attacker must have the ability to install and run a crafted application on the device. No additional network access or user interaction beyond launching the malicious app is required. The application triggers the type conversion error in the IOMobileFrameBuffer queueing code path, potentially corrupting kernel memory.

Impact

Successful exploitation permits a local user to gain elevated privileges within the iOS kernel. This can lead to arbitrary code execution with kernel-level access, completely compromising the device's confidentiality, integrity, and availability.

Mitigation

Apple addressed this vulnerability in iOS 4.2.9 (for iPhone 4 CDMA) and iOS 4.3.4 (for other affected devices), released on July 15, 2011. Users should update their devices to these or later versions. No workaround is available for unpatched systems.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

37
  • Apple Inc./Iphone Os36 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 35 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=4.2.8
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <4.2.9, 4.3.x <4.3.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.