VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 20, 2012· Updated Apr 29, 2026

CVE-2012-3730

CVE-2012-3730

Description

In Apple iOS before 6, improper reuse of Content-ID header values in Mail allows remote attackers to spoof attachments across different email messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Apple iOS before 6, improper reuse of Content-ID header values in Mail allows remote attackers to spoof attachments across different email messages.

Vulnerability

In Mail on Apple iOS before version 6, the application does not properly handle reuse of Content-ID header values. This flaw allows a remote attacker to spoof attachments by using a Content-ID value that was previously used in a different e-mail message, even from a different sender. The issue affects iPhone 3GS and later, iPod touch (4th generation) and later, and iPad 2 and later running iOS versions prior to 6 [1].

Exploitation

An attacker can send a crafted email message containing a Content-ID header that matches a value previously used in another email. No special authentication or network position beyond sending email is required; the victim only needs to view the message in the Mail application on an affected device. The attacker does not need prior access to the device or any user interaction beyond reading the email [1].

Impact

Successful exploitation allows the attacker to spoof the origin or content of an email attachment. This can lead to information disclosure if the victim trusts the attachment based on the spoofed context, potentially undermining the integrity and confidentiality of email communications. The attacker gains the ability to misrepresent the source or nature of attached files [1].

Mitigation

The vulnerability is addressed in iOS 6, released on September 19, 2012. Users should update their devices to iOS 6 or later via iTunes. No workarounds are documented for earlier versions. The issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].

References
  1. About the security content of iOS 6 - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

41
  • Apple Inc./Iphone OS40 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 39 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=5.1.1
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.