


Category:   Device (VoIP/Phone/FAX)  >   Apple iPhone
Vendors:   Apple
Apple iPhone Browser Bug Lets Remote Users Initiate Calls
SecurityTracker Alert ID:  1021264
SecurityTracker URL:
CVE Reference:   CVE-2008-4233
Updated:  Nov 21 2008
Original Entry Date:  Nov 21 2008
Impact:   Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.0 - 2.1
Description:   A vulnerability was reported in Apple iPhone. A remote user can cause arbitrary phone calls to be placed by the target user's phone.

A remote user can create specially crafted HTML that, when loaded by the target user, will cause that target user's phone to place a phone call to an arbitrary number.

The HTML can initiate a call and then launch an application while the call approval dialog is displayed, which causes the call to be placed.

The HTML may be able to prevent the user from canceling the call for a short period of time.

Collin Mulliner of Fraunhofer SIT reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will initiate a phone call to an arbitrary number.
Solution:   The vendor has issued a fixed version (2.2).

The vendor's advisory is available at:

Vendor URL:
Cause:   Access control error

Message History:   None.
