CVE-2009-2204
First published: Mon Aug 03 2009(Updated: )
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iPhone OS | =1.0.2 | |
| iPhone OS | =1.0 | |
| iPhone OS | =1.1.1 | |
| iPhone OS | =2.0.0 | |
| iPhone OS | <=3.0 | |
| iPhone OS | =1.1.2 | |
| iPhone OS | =1.1.3 | |
| iPhone OS | =1.1 | |
| iPhone OS | =1.1.0 | |
| iPhone OS | =1.0.1 | |
| iPhone OS | =2.1 | |
| iPhone OS | =1.1.5 | |
| iPhone OS | =1.1.4 | |
| iPhone OS | =1.0.0 | |
| iPhone OS | =2.0.2 | |
| iPhone OS | =2.0 | |
| iPhone OS | =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/36070
- http://securitytracker.com/id?1022626
- http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
- http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html
- http://support.apple.com/kb/HT3754
- http://www.vupen.com/english/advisories/2009/2105
- http://www.osvdb.org/55687
- http://www.securityfocus.com/bid/35569
- http://www.syscan.org/Sg/program.html
- http://news.cnet.com/8301-1009_3-10278472-83.html
Frequently Asked Questions
What is the severity of CVE-2009-2204?
CVE-2009-2204 is considered a critical vulnerability due to its potential to allow remote code execution and access to sensitive functionalities.
How do I fix CVE-2009-2204?
The only effective fix for CVE-2009-2204 is to update to a version of iPhone OS that has addressed the vulnerability, specifically version 3.0.1 or later.
What type of attack does CVE-2009-2204 enable?
CVE-2009-2204 enables attackers to execute arbitrary code, access GPS coordinates, or activate the microphone via a malicious SMS message.
Which versions of iPhone OS are affected by CVE-2009-2204?
CVE-2009-2204 affects iPhone OS versions up to and including 3.0.
Who discovered CVE-2009-2204?
CVE-2009-2204 was demonstrated by security researcher Charlie Miller at the SyScan '09 conference in Singapore.
- agent/references
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/iphone os
- version/iphone os/1.0.2
- version/iphone os/1.0
- version/iphone os/1.1.1
- version/iphone os/2.0.0
- version/iphone os/3.0
- version/iphone os/1.1.2
- version/iphone os/1.1.3
- version/iphone os/1.1
- version/iphone os/1.1.0
- version/iphone os/1.0.1
- version/iphone os/2.1
- version/iphone os/1.1.5
- version/iphone os/1.1.4
- version/iphone os/1.0.0
- version/iphone os/2.0.2
- version/iphone os/2.0
- version/iphone os/2.0.1