Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0960

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0960
Last Modified 30 Mar 2012 12:00:00
Published 19 Jun 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0960

Summary

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.

Vulnerable Systems

Operating System

  • Apple Iphone Os 1.0.0

  • Apple Iphone Os 1.0.1

  • Apple Iphone Os 1.0.2

  • Apple Iphone Os 1.1.0

  • Apple Iphone Os 1.1.1

  • Apple Iphone Os 1.1.2

  • Apple Iphone Os 1.1.3

  • Apple Iphone Os 1.1.4

  • Apple Iphone Os 1.1.5

  • Apple Iphone Os 2.0

  • Apple Iphone Os 2.0.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

  • Apple Iphone Os 2.1.1

  • Apple Iphone Os 2.2

  • Apple Iphone Os 2.2.1


References

CONFIRM - http://support.apple.com/kb/HT3639

APPLE - APPLE-SA-2009-06-17-1

XF - iphone-ipod-mail-weak-security(51209)

VUPEN - ADV-2009-1621

BID - 35434

BID - 35414


Last Updated: 27 May 2016 10:57:30