Sign-up

ID

VAR-200809-0342


CVE

CVE-2008-3876


TITLE

Apple iPhone Vulnerable to access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2008-003392

DESCRIPTION

Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. Iphone is prone to a information disclosure vulnerability. Apple Iphone is an epoch-making mobile phone terminal launched by Apple Inc. that supports multi-touch

Trust: 1.98

sources: NVD: CVE-2008-3876 // JVNDB: JVNDB-2008-003392 // BID: 84867 // VULHUB: VHN-34001

AFFECTED PRODUCTS

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 2.7

sources: BID: 84867 // JVNDB: JVNDB-2008-003392 // CNNVD: CNNVD-200809-006 // NVD: CVE-2008-3876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3876
value: LOW

Trust: 1.0

NVD: CVE-2008-3876
value: LOW

Trust: 0.8

CNNVD: CNNVD-200809-006
value: LOW

Trust: 0.6

VULHUB: VHN-34001
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2008-3876
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34001
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34001 // JVNDB: JVNDB-2008-003392 // CNNVD: CNNVD-200809-006 // NVD: CVE-2008-3876

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-34001 // JVNDB: JVNDB-2008-003392 // NVD: CVE-2008-3876

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200809-006

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200809-006

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-003392

PATCH
title:HT3129url:http://support.apple.com/kb/HT3129
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-003392

EXTERNAL IDS
db:NVDid:CVE-2008-3876
Trust: 2.8
db:SECTRACKid:1020763
Trust: 2.0
db:JVNDBid:JVNDB-2008-003392
Trust: 0.8
db:CNNVDid:CNNVD-200809-006
Trust: 0.6
db:BIDid:84867
Trust: 0.4
db:VULHUBid:VHN-34001
Trust: 0.1
sources:
            
            
            VULHUB: VHN-34001 // 
            
            
            
            BID: 84867 // 
            
            
            
            JVNDB: JVNDB-2008-003392 // 
            
            
            
            CNNVD: CNNVD-200809-006 // 
            
            
            
            NVD: CVE-2008-3876

REFERENCES
url:http://forums.macrumors.com/showthread.php?t=551617
Trust: 2.0
url:http://securitytracker.com/id?1020763
Trust: 2.0
url:http://forums.macrumors.com/showpost.php?p=6121914&postcount=118
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3876
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3876
Trust: 0.8
url:http://forums.macrumors.com/showpost.php?p=6121914&postcount=118
Trust: 0.1
sources:
            
            
            VULHUB: VHN-34001 // 
            
            
            
            BID: 84867 // 
            
            
            
            JVNDB: JVNDB-2008-003392 // 
            
            
            
            CNNVD: CNNVD-200809-006 // 
            
            
            
            NVD: CVE-2008-3876

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 84867

SOURCES
db:VULHUBid:VHN-34001
db:BIDid:84867
db:JVNDBid:JVNDB-2008-003392
db:CNNVDid:CNNVD-200809-006
db:NVDid:CVE-2008-3876

LAST UPDATE DATE
2025-04-10T22:56:58.203000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-34001date:2008-09-17T00:00:00
db:BIDid:84867date:2008-09-02T00:00:00
db:JVNDBid:JVNDB-2008-003392date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200809-006date:2008-09-17T00:00:00
db:NVDid:CVE-2008-3876date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-34001date:2008-09-02T00:00:00
db:BIDid:84867date:2008-09-02T00:00:00
db:JVNDBid:JVNDB-2008-003392date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200809-006date:2008-09-02T00:00:00
db:NVDid:CVE-2008-3876date:2008-09-02T14:24:00