VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 20, 2013· Updated Apr 29, 2026

CVE-2013-0977

CVE-2013-0977

Description

dyld in iOS <6.1.3 and Apple TV <5.2.1 mishandles Mach-O files with overlapping segments, allowing local users to bypass code-signing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

dyld in iOS <6.1.3 and Apple TV <5.2.1 mishandles Mach-O files with overlapping segments, allowing local users to bypass code-signing.

Vulnerability

dyld, the dynamic linker on Apple iOS before 6.1.3 and Apple TV before 5.2.1, contains a state management flaw when loading Mach-O executable files that have overlapping segments. This allows a crafted executable to bypass code-signing checks. Affected versions include iOS 6.1.2 and earlier, and Apple TV 5.2.0 and earlier [1][2].

Exploitation

A local user with the ability to run code on the device can create a Mach-O file with overlapping segments. When dyld loads this file, the improper state management causes it to not enforce code-signing requirements, allowing the attacker to execute unsigned code [1][2].

Impact

Successful exploitation enables a local user to execute unsigned code on the device, bypassing Apple's code-signing mechanism. This could lead to arbitrary code execution with the privileges of the user, potentially enabling further compromise [1][2].

Mitigation

Apple addressed this issue in iOS 6.1.3 and Apple TV 5.2.1 by refusing to load executables with overlapping segments. Users should update to these versions or later. No workaround is available. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog [1][2].

References
  1. About the security content of iOS 6.1.3 - Apple Support
  2. About the security content of Apple TV 5.2.1 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

103
  • Apple Inc./Iphone OS72 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 71 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=6.1.2
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0.1:-:ipad:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0.1:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0:-:ipad:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0:-:ipodtouch:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*
  • Apple Inc./tvOS29 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=5.2.0
    • cpe:2.3:o:apple:tvos:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:4.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:5.1.1:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <6.1.3
  • Apple Inc./TVllm-fuzzy
    Range: <5.2.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.