Vulnerabilities > CVE-2009-2204 - Unspecified vulnerability in Apple Iphone OS
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
Vulnerable Configurations
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 35569 CVE(CAN) ID: CVE-2009-2204,CVE-2009-2315 Apple iPhone是苹果最新发布的智能手机。 iPhone手机在解码短信消息时存在内存破坏漏洞,远程攻击者可以通过发送恶意短信导致执行任何代码、获取GPS坐标或启用话筒。 Apple iPhone 3.0 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com |
id | SSV:11983 |
last seen | 2017-11-19 |
modified | 2009-08-05 |
published | 2009-08-05 |
reporter | Root |
title | Apple iPhone短信消息远程内存破坏漏洞 |
References
- http://secunia.com/advisories/36070
- http://securitytracker.com/id?1022626
- http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
- http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html
- http://support.apple.com/kb/HT3754
- http://www.vupen.com/english/advisories/2009/2105
- http://www.osvdb.org/55687
- http://www.securityfocus.com/bid/35569
- http://www.syscan.org/Sg/program.html
- http://news.cnet.com/8301-1009_3-10278472-83.html