June 18, 2009
1. Overview
The “iPhone” and “iPod touch”, which are supplied by Apple Inc., have “iPhone OS” (iPod touch has “iPhone OS for iPod touch”) embedded as their base operating system.
“iPhone OS” contains a vulnerability that may lead to a denial-of-service (DoS) condition due to a problem in processing requests made via the network. If exploited, the “iPhone” or “iPod touch” may cease operation when subjected to an external attack.
For detailed information, refer to the URL below:
For the latest information, refer to the URL below:
The IPA first received a report concerning this vulnerability from the person credited below on December 17, 2008. The JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, coordinated with the vendor, and the announcement was made public on June 18, 2009.
Credit: Masaki Yoshida
2. Impact
When subjected to an external attack, the “iPhone” and “iPod touch” may cease operation. As a result, the “iPhone” or “iPod touch” may fall into a condition where user operations are not accepted.
3. Solution
To fix this vulnerability, update to the fixed version supplied by the vendor.
4. CVSS Severity
(1) Evaluation Result
Severity Rating (CVSS base score) | □ Low (0.0~3.9) | □ Medium (4.0~6.9) | ■ High (7.0~10.0) |
---|---|---|---|
CVSS base score | 7.8 | | |
(2) Base Score Metrics
AV: Access Vector | □ Local | □ Adjacent Network | ■ Network |
---|---|---|---|
AC: Access Complexity | □ High | □ Medium | ■ Low |
Au: Authentication | □ Multiple | □ Single | ■ None |
C: Confidentiality Impact | ■ None | □ Partial | □ Complete |
I: Integrity Impact | ■ None | □ Partial | □ Complete |
A: Availability Impact | □ None | □ Partial | ■ Complete |
■: Selected Values