CVE-2008-3612
CRITICAL
Apple iPod touch <2.0.2 & iPhone <2.0.2 - Info Disclosure
Title source: llm
Description
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
References (10)
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020848
Broken Link, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2525
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3026
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3129
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31823
Broken Link, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2558
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31900
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31092
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
Scores
CVSS v3
9.8
EPSS
0.0352
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-330
Status
published
Products (1)
apple/iphone_os
2.0.0 - 2.0.2
Published
Sep 11, 2008
Tracked Since
Feb 18, 2026