Vulnerabilities > CVE-2009-2204 - Remote Code Execution vulnerability in Apple iPhone SMS Application
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
Vulnerable Configurations
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 35569 CVE(CAN) ID: CVE-2009-2204,CVE-2009-2315 Apple iPhone是苹果最新发布的智能手机。 iPhone手机在解码短信消息时存在内存破坏漏洞,远程攻击者可以通过发送恶意短信导致执行任何代码、获取GPS坐标或启用话筒。 Apple iPhone 3.0 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com |
| id | SSV:11983 |
| last seen | 2017-11-19 |
| modified | 2009-08-05 |
| published | 2009-08-05 |
| reporter | Root |
| title | Apple iPhone短信消息远程内存破坏漏洞 |
References
- http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html
- http://news.cnet.com/8301-1009_3-10278472-83.html
- http://secunia.com/advisories/36070
- http://securitytracker.com/id?1022626
- http://support.apple.com/kb/HT3754
- http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
- http://www.osvdb.org/55687
- http://www.securityfocus.com/bid/35569
- http://www.syscan.org/Sg/program.html
- http://www.vupen.com/english/advisories/2009/2105