CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.039 Low
Percentile: 92.0%
The remote mobile host is using a version of Apple iOS earlier than 3.1. Such versions are potentially affected by multiple issues:
An issue in WebKit's handling of the parent and top objects could result in cross-site scripting attacks. (CVE-2009-1724)
A memory corruption issue exists in WebKit's handling of numeric character references. (CVE-2009-1725)
The International Domain Name support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. (CVE-2009-2199)
A heap buffer overflow exists in the handling of AAC or MP3 files. (CVE-2009-2206)
Spotlight finds and allows access to deleted messages in Mail folders on the device. (CVE-2009-2207)
The iPhone OS allows users to specify a "Require Passcode" setting that may be greater than the "Maximum Inactivity time lock" setting from Microsoft Exchange servers. (CVE-2009-2794)
A heap buffer overflow exists in Recovery Mode command parsing. (CVE-2009-2795)
When a character in a password is deleted, and the deletion is undone, the character is briefly made visible. (CVE-2009-2796)
Safari includes the user name and password from the original URL in the referer header. (CVE-2009-2797)
A null pointer dereference issue exists in the handling of SMS arrival notifications. (CVE-2009-2815)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3273
support.apple.com/kb/HT3860