CVE-2013-3951
Description
A parsing flaw in Apple's user-space stack-cookie implementation allows local attackers to bypass stack protection on iOS 6.1.3 and OS X 10.8.x.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A parsing flaw in Apple's user-space stack-cookie implementation allows local attackers to bypass stack protection on iOS 6.1.3 and OS X 10.8.x.
Vulnerability
The vulnerability resides in sys/openbsd/stack_protector.c within libc on Apple iOS 6.1.3 and Mac OS X 10.8.x. The stack-cookie randomization mechanism fails to properly parse Apple-specific strings, specifically when a program's call-path begins with the substring stack-guard=. This allows the cookie to be bypassed.
Exploitation
An attacker with local access can execute a program that has a call-path starting with stack-guard=. This can be achieved via an iOS untethering attack or by targeting a setuid program on Mac OS X. No additional authentication is required beyond local user access.
Impact
Successful exploitation bypasses the stack-cookie protection, enabling the attacker to perform buffer overflow attacks without detection. This can lead to arbitrary code execution with the privileges of the vulnerable program, potentially escalating to root on setuid binaries.
Mitigation
Apple addressed this issue in later versions of iOS and OS X. Users should upgrade to iOS 7 or later and OS X 10.9 or later. No workaround is available for the affected versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=8.2
- cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.10.4
- cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
- (no CPE)range: 10.8.x
- Range: =6.1.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdfnvdExploit
- lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Sep/msg00005.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlnvdVendor Advisory
- support.apple.com/HT205212nvdVendor Advisory
- support.apple.com/HT205213nvdVendor Advisory
- support.apple.com/HT205267nvdVendor Advisory
- www.securitytracker.com/id/1033703nvd
- www.syscan.org/index.php/sg/program/day/2nvd
News mentions
0No linked articles in our index yet.