PRIOn knowledge basePRION:CVE-2009-2204

HistoryAug 03, 2009 - 6:30 p.m.

Memory corruption

2009-08-0318:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.21 Low

EPSS

Percentile

96.4%

JSON

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

CPENameOperatorVersion
iphone_oseq1.0.2
iphone_oseq1.0
iphone_oseq1.1.1
iphone_oseq2.0.0
iphone_osle3.0
iphone_oseq1.1.2
iphone_oseq1.1.3
iphone_oseq1.1
iphone_oseq1.1.0
iphone_oseq1.0.1

Name	Operator	Version
iphone_os	eq	1.0.2
iphone_os	eq	1.0
iphone_os	eq	1.1.1
iphone_os	eq	2.0.0
iphone_os	le	3.0
iphone_os	eq	1.1.2
iphone_os	eq	1.1.3
iphone_os	eq	1.1
iphone_os	eq	1.1.0
iphone_os	eq	1.0.1

Rows per page:

1-10 of 171

References

lists.apple.com/archives/security-announce/2009/Jul/msg00001.html

news.cnet.com/8301-1009_3-10278472-83.html

secunia.com/advisories/36070

securitytracker.com/id?1022626

support.apple.com/kb/HT3754

www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf

www.osvdb.org/55687

www.securityfocus.com/bid/35569

www.syscan.org/Sg/program.html

www.vupen.com/english/advisories/2009/2105