Apple iPhone Lets Physically Local Users Bypass Security Restrictions
SecurityTracker Alert ID: 1022867
SecurityTracker URL: http://securitytracker.com/id/1022867
CVE Reference: CVE-2009-2207, CVE-2009-2794, CVE-2009-2795, CVE-2009-2796
Date: Sep 9 2009
Impact: User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.0 through 3.0.1

Description:
Several vulnerabilities were reported in Apple iPhone. A physically local user can bypass security restrictions.
A physically local user can access the device after the timeout period specified by an Exchange administrator [CVE-2009-2794]. Version 2.0 and later versions are affected. Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies reported this vulnerability.
A physically local user can access deleted messages in Mail folders via Spotlight [CVE-2009-2207]. Clickwise Software and Tony Kavadias reported this vulnerability.
A physically local user can trigger a heap buffer overflow in Recovery Mode command parsing to bypass the passcode and access data on the target device [CVE-2009-2795].
A physically local user can delete a character in a password and then undo the deletion to view the character [CVE-2009-2796]. Abraham Vegh reported this vulnerability.

Impact:
A physically local user can bypass security restrictions to access data on the target device.

Solution:
The vendor has issued a fix (3.1 (7C144) for iPhone, 3.1.1 (7C145) for iPod touch), available via iTunes.
The vendor's advisory is available at:
http://support.apple.com/kb/HT3860

Vendor URL: support.apple.com/kb/HT3860

Cause:
Access control error

Underlying OS:

Message History:
None.

Source Message Contents

Date: Wed, 9 Sep 2009 17:49:05 -0400
Subject: Apple iPhone

Exchange Support
CVE-ID: CVE-2009-2794
Available for: iPhone OS 1.0 through 3.0.1,
iPhone OS for iPod touch 1.1 through 3.0
Impact: A person with physical access to a device may be able to use
it after the timeout period specified by an Exchange administrator
Description: iPhone OS provides the ability to communicate via
services provided by a Microsoft Exchange server. An administrator of
an Exchange server has the ability to specify a "Maximum inactivity
time lock" setting. This requires the user to reenter their passcode
after the expiration of the inactivity time in order to use the
Exchange services. iPhone OS allows a user to specify a "Require
Passcode" setting that may extend up to 4 hours. The "Require
Passcode" setting is not affected by the "Maximum inactivity time
lock" setting. If the user has "Require Passcode" set to a value
higher than the "Maximum inactivity time lock" setting, this would
allow a window of time for a person with physical access to use the
device, including Exchange services. This update addresses the issue
by disabling user choices for "Require Passcode" values greater than
the "Maximum inactivity time lock" setting. This issue only affects
iPhone OS 2.0 and later, and iPhone OS for iPod touch 2.0 and later.
Credit to Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies for reporting this
issue.

MobileMail
CVE-ID: CVE-2009-2207
Available for: iPhone OS 1.0 through 3.0.1,
iPhone OS for iPod touch 1.1 through 3.0
Impact: Deleted email messages may still be visible through a
Spotlight search
Description: Spotlight finds and allows access to deleted messages
in Mail folders on the device. This would allow a person with access
to the device to view the deleted messages. This update addresses the
issue by not including the deleted email in the Spotlight search
result. This issue only affects iPhone OS 3.0, iPhone OS 3.0.1, and
iPhone OS for iPod touch 3.0. Credit to Clickwise Software and Tony
Kavadias for reporting this issue.

Recovery Mode
CVE-ID: CVE-2009-2795
Available for: iPhone OS 1.0 through 3.0.1,
iPhone OS for iPod touch 1.1 through 3.0
Impact: A person with physical access to a locked device may be able
to access the user's data
Description: A heap buffer overflow exists in Recovery Mode command
parsing. This may allow another person with physical access to the
device to bypass the passcode, and access the user's data. This
update addresses the issue through improved bounds checking.

UIKit
CVE-ID: CVE-2009-2796
Available for: iPhone OS 1.0 through 3.0.1,
iPhone OS for iPod touch 1.1 through 3.0
Impact: Passwords may be made visible
Description: When a character in a password is deleted, and the
deletion is undone, the character is briefly made visible. This may
allow a person with physical access to the device to read a password,
one character at a time. This update addresses the issue by
preventing the character from being made visible. This issue only
affects iPhone OS 3.0 and iPhone OS 3.0.1. Credit to Abraham Vegh for
reporting this issue.
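
A fleet-audit sketch for the four issues above, added here as an example; it is not part of the SecurityTracker alert or Apple's advisory. The affected version ranges are taken from the advisory text, while the inventory, device names and field names are constructed for illustration.

```python
# Added example: audit a device inventory against this advisory.
# Version ranges come from the advisory text; the inventory is constructed.

def parse_version(s):
    """'3.0.1' -> (3, 0, 1); pads to three components so '3.0' == '3.0.0'."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

# Inclusive (first_affected, last_affected) OS versions per CVE.
AFFECTED = {
    "CVE-2009-2794": ("2.0", "3.0.1"),  # Exchange inactivity lock not enforced
    "CVE-2009-2207": ("3.0", "3.0.1"),  # deleted mail visible via Spotlight
    "CVE-2009-2795": ("1.0", "3.0.1"),  # Recovery Mode heap buffer overflow
    "CVE-2009-2796": ("3.0", "3.0.1"),  # password character shown on undo
}

def exposed_cves(os_version):
    v = parse_version(os_version)
    return sorted(cve for cve, (lo, hi) in AFFECTED.items()
                  if parse_version(lo) <= v <= parse_version(hi))

def lock_gap_minutes(require_passcode_min, exchange_max_inactivity_min):
    """Minutes the device stays usable after the Exchange limit has expired.
    An Exchange limit of None means no policy is set."""
    if exchange_max_inactivity_min is None:
        return 0
    return max(0, require_passcode_min - exchange_max_inactivity_min)

def audit(devices):
    report = []
    for d in devices:
        cves = exposed_cves(d["os"])
        gap = 0
        if "CVE-2009-2794" in cves:  # fixed builds no longer allow a longer delay
            gap = lock_gap_minutes(d["require_passcode_min"], d["exchange_max_min"])
        report.append({"name": d["name"], "cves": cves, "lock_gap_min": gap})
    return report

# Constructed inventory (hypothetical device names and settings, in minutes).
INVENTORY = [
    {"name": "iphone-a", "os": "3.0.1", "require_passcode_min": 240, "exchange_max_min": 15},
    {"name": "iphone-b", "os": "3.1", "require_passcode_min": 15, "exchange_max_min": 15},
    {"name": "ipod-c", "os": "1.1.4", "require_passcode_min": 0, "exchange_max_min": None},
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(row)
```

A non-zero `lock_gap_min` marks a device whose "Require Passcode" delay exceeds the Exchange "Maximum inactivity time lock", which is the window CVE-2009-2794 describes.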