IPA Information-technology Promotion Agency, Japan IPAISEC:Vulnerabilities:Security Alert for Vulnerability in iPhone OS

June 18, 2009
>>

1.Overview

The “iPhone” and ”iPod touch”,70-467, which are supplied by Apple Inc., have “iPhone OS” (iPod touch has “iPhone OS for iPod touch”) embedded as their base operating system.

“iPhone OS” contains a vulnerability which may lead “iPhone OS” to a denial-of-service (DoS) condition due to a problem in processing requests made via network. If exploited, there is a possibility that the “iPhone” or “iPod touch” may cease operations in the event an external attack is experienced.

For detailed information, refer to the URL below:

For the latest information, refer to the URL below:

The IPA first received a report concerning this vulnerability through the creditee below on December 17, 2008, and the JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, made adjustments to clarify the matter with the vendor and made the announcement public on June 18, 2009.
Credit: Masaki Yoshida


2.Impact

When an external attack is experienced, “iPhone” and “iPod touch” may cease operation. As a result, there is a possibility that the “iPhone” or “iPod touch” may fall into a condition where user operations are not accepted.

Security Alert for Vulnerability in iPhone OS


3.Solution

To fix this vulnerability, update to the fixed version supplied by the vendor.


4.CVSS Severity

(1)Evaluation Result

Severity Rating
(CVSS base score)
&#9633,070-497; Low
(0.0~3.9)
□ Medium
(4.0~6.9)
■ High
(7.0~10.0)
CVSS base score 7.8

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent
 Network
■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact ■ None □ Partial □ Complete
I:Integrity Impact ■ None □ Partial □ Complete
A:Availability Impact &#9633,EX0-002; None □ Partial ■ Complete

■:Selected Values

5. Type

Contact

IPA Information-technology Promotion Agency, Japan IPAIT Human Resources DevelopmentPromotion of Computerization and Development of IT Resources for

The software industry requires little initial upfront investment for facilities,EX0-002, and accordingly, is expected to play an important part in local economic promotion policies. IPA is also focusing on developing human resources and is investing in 15 local software centers across Japan as part of efforts to contribute to the vitalization of local communities. In addition, we work with local SMEs to develop IT development policies suited to the relevant region by providing teaching aids,1Y0-A15, guidance and advice for training IT staff. Besides these centers, which engage in IT human resources development activities,70-486, we collaborate with 33 new enterprise support organizations as we implement measures to enhance regional IT human resources development programs.