Apple iPhone 1.1.1 Mail Information Disclosure Vulnerability
BID:25856
Info
Apple iPhone 1.1.1 Mail Information Disclosure Vulnerability
| Bugtraq ID: | 25856 |
| Class: | Unknown |
| CVE: |
CVE-2007-3754 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 27 2007 12:00AM |
| Updated: | Sep 27 2007 12:00AM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
Apple iPhone 1.0.1 Apple iPhone 1 Apple iPhone 0 |
| Not Vulnerable: |
Apple iPhone 1.1.1 |
Discussion
Apple iPhone 1.1.1 Mail Information Disclosure Vulnerability
Apple iPhone Mail is prone to an information-disclosure vulnerability.
Attackers may exploit this issue to access potentially sensitive information; this may aid in further attacks.
Versions prior to iPhone 1.1.1 are vulnerable.
NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.
Apple iPhone Mail is prone to an information-disclosure vulnerability.
Attackers may exploit this issue to access potentially sensitive information; this may aid in further attacks.
Versions prior to iPhone 1.1.1 are vulnerable.
NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.
Exploit / POC
Apple iPhone 1.1.1 Mail Information Disclosure Vulnerability
Specific exploit code is not required; attackers may use readily available man-in-the-middle network attack utilities.
Specific exploit code is not required; attackers may use readily available man-in-the-middle network attack utilities.
Solution / Fix
Apple iPhone 1.1.1 Mail Information Disclosure Vulnerability
Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.
Apple iPhone 0
Apple iPhone 1
Apple iPhone 1.0.1
Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.
Apple iPhone 0
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
Apple iPhone 1
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
Apple iPhone 1.0.1
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
References
Apple iPhone 1.1.1 Mail Information Disclosure Vulnerability
References:
References: