CVE-2009-0961

Apple iPhone OS <2.2.1 - Info Disclosure

Title source: llm

Description

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Collin Mulliner · htmlremotehardware

https://www.exploit-db.com/exploits/33046

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Collin Mulliner · htmlremotehardware

https://www.exploit-db.com/exploits/33045

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Collin Mulliner · htmlremotehardware

https://www.exploit-db.com/exploits/33044

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

[Patch, Vendor Advisory] http://support.apple.com/kb/HT3639

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51210

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35414

[Third Party Advisory, VDB Entry] http://osvdb.org/55238

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1621

Scores

EPSS 0.0423

EPSS Percentile 88.8%

Details

Status published

Products (19)

apple/iphone_os 1.0.0

apple/iphone_os 1.0.1

apple/iphone_os 1.0.2

apple/iphone_os 1.1.0

apple/iphone_os 1.1.1

apple/iphone_os 1.1.2

apple/iphone_os 1.1.3

apple/iphone_os 1.1.4

apple/iphone_os 1.1.5

apple/iphone_os 2.0

... and 9 more

Published Jun 19, 2009

Tracked Since Feb 18, 2026