CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-2204

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0550%
EPSS Percentile11.48th
Published2009年8月3日
Last Modified2026年4月23日

Vulnerability Description

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

Affected Platforms (CPE)

💻
Apple

Iphone Os

<= 3.0
💻
Apple

Iphone Os

= 1.0
💻
Apple

Iphone Os

= 1.0.0
💻
Apple

Iphone Os

= 1.0.1
💻
Apple

Iphone Os

= 1.0.2
💻
Apple

Iphone Os

= 1.1
💻
Apple

Iphone Os

= 1.1.0
💻
Apple

Iphone Os

= 1.1.1
💻
Apple

Iphone Os

= 1.1.2
💻
Apple

Iphone Os

= 1.1.3
💻
Apple

Iphone Os

= 1.1.4
💻
Apple

Iphone Os

= 1.1.5
💻
Apple

Iphone Os

= 2.0
💻
Apple

Iphone Os

= 2.0.0
💻
Apple

Iphone Os

= 2.0.1
💻
Apple

Iphone Os

= 2.0.2
💻
Apple

Iphone Os

= 2.1

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html
🔗 http://news.cnet.com/8301-1009_3-10278472-83.html
🔗 http://secunia.com/advisories/36070
🔗 http://securitytracker.com/id?1022626
🔗 http://support.apple.com/kb/HT3754
🔗 http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
🔗 http://www.osvdb.org/55687
🔗 http://www.securityfocus.com/bid/35569

相关漏洞威胁

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2010-111910.0

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on ...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2010-176910.0

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory d...