Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2204

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-2204
Last Modified 30 Mar 2010 12:00:00
Published 03 Aug 2009 02:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2204

Summary

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

Vulnerable Systems

Operating System

  • Apple Iphone Os 1.0

  • Apple Iphone Os 1.0.0

  • Apple Iphone Os 1.0.1

  • Apple Iphone Os 1.0.2

  • Apple Iphone Os 1.1

  • Apple Iphone Os 1.1.0

  • Apple Iphone Os 1.1.1

  • Apple Iphone Os 1.1.2

  • Apple Iphone Os 1.1.3

  • Apple Iphone Os 1.1.4

  • Apple Iphone Os 1.1.5

  • Apple Iphone Os 2.0

  • Apple Iphone Os 2.0.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

  • Apple Iphone Os 3.0


References

VUPEN - ADV-2009-2105

SECTRACK - 1022626

MISC - http://www.syscan.org/Sg/program.html

BID - 35569

OSVDB - 55687

MISC - http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf

CONFIRM - http://support.apple.com/kb/HT3754

SECUNIA - 36070

MISC - http://news.cnet.com/8301-1009_3-10278472-83.html

APPLE - APPLE-SA-2009-07-31-1


Last Updated: 27 May 2016 10:50:48