Apple iOS contains a flaw related to the Siri component. The issue is triggered when Siri is enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen. This may allow an attacker to use a voice command to potentially send that particular message to an arbitrary recipient.

Upgrade to version 5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1026774
• CVE ID: 2012-0645 (see also: NVD)
• Secunia Advisory ID: 48288
• Related OSVDB ID: 79905 79906 79907 79908 79909 79910 79911 79912 79913 79914 79915 79916 79917 79918 79919 79920 79921 79922 79923 79924 79925 79926 79927 79928 79929 79930 79931 79932 79933 79934 79935 79936 79937 79938 79939 79940 79941 79942 79943 79944 79945 79946 79947 79948 79949 79950 79951 79952 79953 79954 79955 79956 79964 79965 79966 79967 79968 79969 79970 79971 79972 79974 79975
• Mail List Post: http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
• Vendor Specific Advisory URL: http://support.apple.com/kb/HT5192
• Vendor URL: http://www.apple.com/

• Not Available