Apple iPhone Bluetooth Arbitrary Code Execution Vulnerability
Info
| Bugtraq ID: | 25855 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-3753 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 27 2007 12:00AM |
| Updated: | Sep 27 2007 12:00AM |
| Credit: | Kevin Mahaffey and John Hering of Flexilis Mobile Security are credited with the discovery of this vulnerability. |
| Vulnerable: | Apple iPhone 1.0.1, Apple iPhone 1, Apple iPhone 0 |
| Not Vulnerable: | Apple iPhone 1.1.1 |
Discussion
Apple iPhone is prone to a vulnerability that lets attackers execute arbitrary code.
This issue affects the phone's Bluetooth implementation.
An attacker in Bluetooth range of the phone may be able to execute arbitrary code. Failed exploit attempts will cause denial-of-service conditions.
Versions prior to iPhone 1.1.1 are vulnerable.
NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.
Apple iPhone 0
- Apple iTunesSetup.exe: http://www.apple.com/itunes/download/iTunesSetup.exe

Apple iPhone 1
- Apple iTunesSetup.exe: http://www.apple.com/itunes/download/iTunesSetup.exe

Apple iPhone 1.0.1
- Apple iTunesSetup.exe: http://www.apple.com/itunes/download/iTunesSetup.exe