Vulnerabilities > CVE-2009-2815 - Resource Management Errors vulnerability in Apple Iphone OS

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
apple
CWE-399

Summary

The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 36336 CVE ID:CVE-2009-2815 iPhone是一款苹果公司发布的智能手机。 iPhone处理到知通告的SMS消息存在NULL指针应用错误,发送特殊构建的SMS消息可导致服务中断,造成拒绝服务攻击。 Apple iPhone 3.0.1 Apple iPhone 2.2.1 Apple iPhone 2.0.2 Apple iPhone 2.0.1 Apple iPhone 1.1.4 Apple iPhone 1.1.3 Apple iPhone 1.1.2 Apple iPhone 1.1.1 Apple iPhone 1.0.2 Apple iPhone 1.0.1 Apple iPhone 3.0 Apple iPhone 2.2 Apple iPhone 2.1 Apple iPhone 2.0 Apple iPhone 1.1 Apple iPhone 1 用户可联系供应商获得最新程序Apple iPhone 3.1: http://www.apple.com/iphone/
idSSV:12276
last seen2017-11-19
modified2009-09-11
published2009-09-11
reporterRoot
titleApple iPhone 3.1之前版本SMS消息NULL指针引用漏洞