CVE-2009-2204

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0550%

EPSS Percentile11.48th

PublishedAug 3, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

Affected Platforms (CPE)

💻

Apple

Iphone Os

<= 3.0

💻

Apple

Iphone Os

= 1.0

💻

Apple

Iphone Os

= 1.0.0

💻

Apple

Iphone Os

= 1.0.1

💻

Apple

Iphone Os

= 1.0.2

💻

Apple

Iphone Os

= 1.1

💻

Apple

Iphone Os

= 1.1.0

💻

Apple

Iphone Os

= 1.1.1

💻

Apple

Iphone Os

= 1.1.2

💻

Apple

Iphone Os

= 1.1.3

💻

Apple

Iphone Os

= 1.1.4

💻

Apple

Iphone Os

= 1.1.5

💻

Apple

Iphone Os

= 2.0

💻

Apple

Iphone Os

= 2.0.0

💻

Apple

Iphone Os

= 2.0.1

💻

Apple

Iphone Os

= 2.0.2

💻

Apple

Iphone Os

= 2.1

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html

🔗 http://news.cnet.com/8301-1009_3-10278472-83.html

🔗 http://secunia.com/advisories/36070

🔗 http://securitytracker.com/id?1022626

🔗 http://support.apple.com/kb/HT3754

🔗 http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf

🔗 http://www.osvdb.org/55687

🔗 http://www.securityfocus.com/bid/35569

Vulnerability Description

Affected Platforms (CPE)

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

Iphone Os

References & Advisories

Related Vulnerabilities