CVE-2009-0961
Published 2009-06-19
Priority: P4 · 30 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 6.38% (92.8th percentile)
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | — | — |
No detection rules found.
Exploit-DB
Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass (2)
exploitdb·2009-05-17
---
source: https://www.securityfocus.com/bid/35425/info
Apple iPhone is prone to a security-bypass vulnerability that may cause a call to be placed automatically.
Successfully exploiting this issue may allow attackers to bypass the Mail's call-approval dialog and place a call automatically from a vulnerable device.
NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it.
iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner

```
function a() { document.write(""); }
setTimeout("a()", 100);
```
Exploit-DB
Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass (3)
exploitdb·2009-05-17
iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner

```
l = "";
document.write(l);
```
Exploit-DB
Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass (1)
exploitdb·2009-05-17
iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
No writeups or analysis indexed.
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://osvdb.org/55238
- http://support.apple.com/kb/HT3639
- http://www.securityfocus.com/bid/35414
- http://www.vupen.com/english/advisories/2009/1621
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51210