SecurityTracker.com
Category:   Device (VoIP/Phone/FAX)  >   Apple iPhone
Vendors:   Apple
Apple iPhone Browser Bug Lets Remote Users Initiate Calls
SecurityTracker Alert ID:  1021264
SecurityTracker URL:  http://securitytracker.com/id/1021264
CVE Reference:   CVE-2008-4233
Updated:  Nov 21 2008
Original Entry Date:  Nov 21 2008
Impact:   Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.0 - 2.1
Description:   A vulnerability was reported in Apple iPhone. A remote user can cause arbitrary phone calls to be placed by the target user's phone.

A remote user can create specially crafted HTML that, when loaded by the target user, will cause that target user's phone to place a phone call to an arbitrary number.

The HTML can dial a call and then launch an application while the call approval dialog is displayed, which causes the call to be placed.

The HTML may be able to prevent the user from canceling the call for a short period of time.

Collin Mulliner of Fraunhofer SIT reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will initiate a phone call to an arbitrary number.
Solution:   The vendor has issued a fixed version (2.2).

The vendor's advisory is available at:

http://support.apple.com/kb/HT3318

Vendor URL:  support.apple.com/kb/HT3318
Cause:   Access control error

Message History:   None.

