Apple iPhone SMS Preview Disable Feature Can By Bypassed
|
|
SecurityTracker Alert ID: 1021021 |
|
SecurityTracker URL: http://securitytracker.com/id/1021021
|
|
CVE Reference:
CVE-2008-4230, CVE-2008-4593
(Links to External Site)
|
Updated: Nov 21 2008
|
Original Entry Date: Oct 9 2008
|
Impact:
Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 1.0 - 2.1
|
Description:
A vulnerability was reported in Apple iPhone. A physically local user can preview incoming SMS messages.
When the passcode lock is enabled and SMS Preview is disabled, a physically local user can enter emergency call mode to preview incoming SMS messages.
The vendor has been notified.
Karl Kraft reported this vulnerability.
The original advisory is available at:
http://www.karlkraft.com/index.php/2008/10/03/yet-another-iphone-emergency-call-security-bug/
|
Impact:
A physically local user can preview incoming SMS messages when SMS message preview is disabled and the passcode lock is enabled.
|
Solution:
The vendor has issued a fixed version (2.2).
The vendor's advisory is available at:
http://support.apple.com/kb/HT3318
[Editor's note: It appears that Apple has assigned CVE-2008-4230 to this vulnerability.]
|
Vendor URL: support.apple.com/kb/HT3318 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 9 Oct 2008 14:20:11 -0400
Subject: Apple iPhone
|
http://www.karlkraft.com/index.php/2008/10/03/yet-another-iphone-emergency-call-security-bug/
|
|
