Apple iPhone Mail Unauthorized tel: Initiation Vulnerability
BID:25862
Info
Apple iPhone Mail Unauthorized tel: Initiation Vulnerability
| Bugtraq ID: | 25862 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-3755 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 27 2007 12:00AM |
| Updated: | Oct 01 2007 04:49PM |
| Credit: | Andi Baritchi of McAfee reported this issue to the vendor. |
| Vulnerable: |
Apple iPhone 1.0.1 Apple iPhone 1 Apple iPhone 0 |
| Not Vulnerable: |
Apple iPhone 1.1.1 |
Discussion
Apple iPhone Mail Unauthorized tel: Initiation Vulnerability
Apple iPhone is prone to a vulnerability that lets attackers make unauthorized phone calls.
This issue affects the phone's Mail application.
Attackers may exploit this issue to initiate unauthorized telephone calls to arbitrary phone numbers.
NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.
Versions prior to iPhone 1.1.1 are vulnerable.
Apple iPhone is prone to a vulnerability that lets attackers make unauthorized phone calls.
This issue affects the phone's Mail application.
Attackers may exploit this issue to initiate unauthorized telephone calls to arbitrary phone numbers.
NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details.
Versions prior to iPhone 1.1.1 are vulnerable.
Exploit / POC
Apple iPhone Mail Unauthorized tel: Initiation Vulnerability
To exploit this issue, an attacker will have to entice a victim into following a malicious URI.
To exploit this issue, an attacker will have to entice a victim into following a malicious URI.
Solution / Fix
Apple iPhone Mail Unauthorized tel: Initiation Vulnerability
Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.
Apple iPhone 0
Apple iPhone 1
Apple iPhone 1.0.1
Solution:
A vendor advisory is available to address this issue. Please see the referenced advisory for more information.
Apple iPhone 0
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
Apple iPhone 1
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
Apple iPhone 1.0.1
-
Apple iTunesSetup.exe
http://www.apple.com/itunes/download/iTunesSetup.exe
References
Apple iPhone Mail Unauthorized tel: Initiation Vulnerability
References:
References: