VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 14, 2011· Updated Apr 29, 2026

CVE-2011-3245

CVE-2011-3245

Description

The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Apple iOS before 5, the Keyboards component exposes the last character of a password when the keyboard is reused, allowing nearby attackers to observe it.

Vulnerability

The Keyboards component in Apple iOS prior to version 5.0 displays the final character of an entered password during a subsequent use of the keyboard. This affects all devices running iOS versions before 5, including iPhone 3GS, iPhone 4, iPod touch (3rd generation and later), and iPad. The bug occurs when the keyboard is opened again after a password has been typed, revealing only the last character of the previously entered password on the screen [1].

Exploitation

An attacker must be physically proximate to the device and able to view the screen when the user next brings up the keyboard (e.g., in an app requiring text input). No authentication, special privileges, or network access is needed. The attacker simply observes the character that briefly appears on the keyboard or in the input field before the user continues typing [1].

Impact

By observing the final character of a password, a physically proximate attacker can obtain a single character of sensitive information. With repeated observation of multiple keyboard uses (e.g., across different password fields or sessions), an attacker could gradually reconstruct the full password. This results in a confidentiality violation [1].

Mitigation

The vulnerability is fixed in iOS 5.0, which was released on October 12, 2011, as described in the Apple security advisory [1]. Users should update to iOS 5 or later via iTunes. No alternative workarounds are documented, and there is no indication of this issue being exploited in the wild or listed on CISA’s Known Exploited Vulnerabilities catalog.

References
  1. About the security content of iOS 5 Software Update - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

30
  • Apple Inc./Iphone Os29 versions
    cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*+ 28 more
    • cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.