CVE-2009-0958: Infoleak
First published: Fri Jun 19 2009(Updated: )
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iStyle @cosme iPhone OS | =1.0.0 | |
| iStyle @cosme iPhone OS | =1.0.1 | |
| iStyle @cosme iPhone OS | =1.0.2 | |
| iStyle @cosme iPhone OS | =1.1.0 | |
| iStyle @cosme iPhone OS | =1.1.1 | |
| iStyle @cosme iPhone OS | =1.1.2 | |
| iStyle @cosme iPhone OS | =1.1.3 | |
| iStyle @cosme iPhone OS | =1.1.4 | |
| iStyle @cosme iPhone OS | =1.1.5 | |
| iStyle @cosme iPhone OS | =2.0 | |
| iStyle @cosme iPhone OS | =2.0.0 | |
| iStyle @cosme iPhone OS | =2.0.1 | |
| iStyle @cosme iPhone OS | =2.0.2 | |
| iStyle @cosme iPhone OS | =2.1 | |
| iStyle @cosme iPhone OS | =2.1.1 | |
| iStyle @cosme iPhone OS | =2.2 | |
| iStyle @cosme iPhone OS | =2.2.1 | |
| iStyle @cosme iPhone OS | ||
| Apple iPod touch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://support.apple.com/kb/HT3639
- http://www.securityfocus.com/bid/35414
- http://www.vupen.com/english/advisories/2009/1621
- http://www.securityfocus.com/bid/35447
- http://osvdb.org/55236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51208
Frequently Asked Questions
What is the severity of CVE-2009-0958?
CVE-2009-0958 is considered a medium severity vulnerability due to its potential to allow unauthorized access to sensitive information from remote Exchange servers.
How do I fix CVE-2009-0958?
To mitigate CVE-2009-0958, users should update their Apple iPhone OS or iPod touch to the latest versions that address this vulnerability.
What types of devices are affected by CVE-2009-0958?
CVE-2009-0958 affects Apple iPhone OS versions 1.0 through 2.2.1 and iPod touch versions 1.1 through 2.2.1.
What is the impact of CVE-2009-0958?
The impact of CVE-2009-0958 is that it allows remote Exchange servers to access sensitive user information without prompting for certificate verification.
Who is vulnerable to CVE-2009-0958?
Users of Apple iPhone OS and iPod touch running affected versions are vulnerable to CVE-2009-0958.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/remedy
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/1.0.0
- version/istyle @cosme iphone os/1.0.1
- version/istyle @cosme iphone os/1.0.2
- version/istyle @cosme iphone os/1.1.0
- version/istyle @cosme iphone os/1.1.1
- version/istyle @cosme iphone os/1.1.2
- version/istyle @cosme iphone os/1.1.3
- version/istyle @cosme iphone os/1.1.4
- version/istyle @cosme iphone os/1.1.5
- version/istyle @cosme iphone os/2.0
- version/istyle @cosme iphone os/2.0.0
- version/istyle @cosme iphone os/2.0.1
- version/istyle @cosme iphone os/2.0.2
- version/istyle @cosme iphone os/2.1
- version/istyle @cosme iphone os/2.1.1
- version/istyle @cosme iphone os/2.2
- version/istyle @cosme iphone os/2.2.1
- canonical/apple ipod touch