ID

VAR-200809-0567


CVE

CVE-2008-3612


TITLE

Apple iPod touch and iPhone TCP vulnerability with predictable initial sequence numbers

Trust: 0.8

sources: JVNDB: JVNDB-2008-001690

DESCRIPTION

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

Apple iPod touch and iPhone are prone to multiple remote vulnerabilities:
1. A vulnerability that may allow users to spoof websites.
2. An information-disclosure vulnerability.
3. A remote code-execution vulnerability.

Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect versions prior to iPod touch 2.1 and iPhone 2.1.

TITLE: Apple iPod Touch Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA31823
VERIFY ADVISORY: http://secunia.com/advisories/31823/
CRITICAL: Highly critical
IMPACT: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, System access
WHERE: From remote
OPERATING SYSTEM: Apple iPod touch http://secunia.com/advisories/product/16074/

DESCRIPTION: Multiple vulnerabilities have been reported in Apple iPod touch, which can be exploited by malicious applications to bypass certain security features and by malicious people to poison the DNS cache, spoof TCP connections, or potentially compromise a user's device.

1) An error in the application sandbox causes it to not properly enforce access restrictions between third-party applications. This can be exploited by one application to read another application's files.

2) Multiple errors exist in the included version of FreeType, which potentially can be exploited by malicious people to execute arbitrary code when accessing specially crafted font data. For more information: SA30600

3) mDNSResponder does not provide sufficient randomization, which can be exploited to poison the DNS cache.

5) A use-after-free error in WebKit when handling CSS import statements can potentially be exploited to execute arbitrary code via a specially crafted website.

SOLUTION: Update to version 2.1.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Nicolas Seriot of Sen:te and Bryce Cogswell.
3) The vendor credits Dan Kaminsky, IOActive.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3026

OTHER REFERENCES:
SA30600: http://secunia.com/advisories/30600/
SA30973: http://secunia.com/advisories/30973/

For more information: SA31823

An error in the handling of emergency calls has also been reported. This can be exploited to bypass the Passcode Lock feature and allows users with physical access to an iPhone to launch applications without the passcode.

Trust: 2.16

sources: NVD: CVE-2008-3612 // JVNDB: JVNDB-2008-001690 // BID: 31092 // VULHUB: VHN-33737 // PACKETSTORM: 69846 // PACKETSTORM: 70006

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lte, version: 2.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: gte, version: 2.0.0

Trust: 1.0

vendor: apple, model: ipod touch, scope: eq, version: 2.0.2

Trust: 0.9

vendor: apple, model: ipod touch, scope: eq, version: 2.0.1

Trust: 0.9

vendor: apple, model: ipod touch, scope: eq, version: 2.0

Trust: 0.9

vendor: apple, model: iphone, scope: eq, version: 2.0.2

Trust: 0.9

vendor: apple, model: iphone, scope: eq, version: 2.0.1

Trust: 0.9

vendor: apple, model: iphone, scope: eq, version: 2.0

Trust: 0.9

vendor: アップル, model: iphone, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ipod touch, scope: eq, version: v1.1 to v2.0.2

Trust: 0.8

vendor: ubuntu, model: linux sparc, scope: eq, version: 8.10

Trust: 0.3

vendor: ubuntu, model: linux powerpc, scope: eq, version: 8.10

Trust: 0.3

vendor: ubuntu, model: linux lpia, scope: eq, version: 8.10

Trust: 0.3

vendor: ubuntu, model: linux i386, scope: eq, version: 8.10

Trust: 0.3

vendor: ubuntu, model: linux amd64, scope: eq, version: 8.10

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.4

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.0

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.4

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.3

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.2

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.1

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.4

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.3

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.2

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.0.2

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.0.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 4

Trust: 0.3

vendor: apple, model: safari, scope: ne, version: 4

Trust: 0.3

vendor: apple, model: ipod touch, scope: ne, version: 2.1

Trust: 0.3

vendor: apple, model: iphone, scope: ne, version: 2.1

Trust: 0.3

sources: BID: 31092 // JVNDB: JVNDB-2008-001690 // CNNVD: CNNVD-200809-116 // NVD: CVE-2008-3612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3612
value: CRITICAL

Trust: 1.0

NVD: CVE-2008-3612
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-200809-116
value: HIGH

Trust: 0.6

VULHUB: VHN-33737
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-3612
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33737
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2008-3612
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2008-3612
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-33737 // JVNDB: JVNDB-2008-001690 // CNNVD: CNNVD-200809-116 // NVD: CVE-2008-3612

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.0

problemtype:Insufficient use of random values (CWE-330) [NVD evaluation]

Trust: 0.8

problemtype:CWE-189

Trust: 0.1

sources: VULHUB: VHN-33737 // JVNDB: JVNDB-2008-001690 // NVD: CVE-2008-3612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-116

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200809-116

PATCH

title: iPod touch v2.1 Apple Security update, url: http://support.apple.com/kb/HT3026

Trust: 0.8

sources: JVNDB: JVNDB-2008-001690

EXTERNAL IDS

db: NVD, id: CVE-2008-3612

Trust: 3.6

db: BID, id: 31092

Trust: 2.8

db: SECUNIA, id: 31823

Trust: 2.6

db: SECUNIA, id: 31900

Trust: 2.6

db: SECTRACK, id: 1020848

Trust: 1.7

db: VUPEN, id: ADV-2008-2525

Trust: 1.7

db: VUPEN, id: ADV-2008-2558

Trust: 1.7

db: JVNDB, id: JVNDB-2008-001690

Trust: 0.8

db: APPLE, id: APPLE-SA-2008-09-12

Trust: 0.6

db: APPLE, id: APPLE-SA-2008-09-09

Trust: 0.6

db: CNNVD, id: CNNVD-200809-116

Trust: 0.6

db: VULHUB, id: VHN-33737

Trust: 0.1

db: PACKETSTORM, id: 69846

Trust: 0.1

db: PACKETSTORM, id: 70006

Trust: 0.1

sources: VULHUB: VHN-33737 // BID: 31092 // JVNDB: JVNDB-2008-001690 // PACKETSTORM: 69846 // PACKETSTORM: 70006 // CNNVD: CNNVD-200809-116 // NVD: CVE-2008-3612

REFERENCES

url:http://www.securityfocus.com/bid/31092

Trust: 2.5

url:http://secunia.com/advisories/31823

Trust: 2.5

url:http://secunia.com/advisories/31900

Trust: 2.5

url:http://support.apple.com/kb/ht3026

Trust: 1.8

url:http://support.apple.com/kb/ht3129

Trust: 1.8

url:http://lists.apple.com/archives/security-announce//2008/sep/msg00003.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce//2008/sep/msg00004.html

Trust: 1.7

url:http://www.securitytracker.com/id?1020848

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2008/2558

Trust: 1.4

url:http://www.frsirt.com/english/advisories/2008/2525

Trust: 1.4

url:http://www.vupen.com/english/advisories/2008/2525

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/2558

Trust: 1.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3612

Trust: 0.8

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/advisories/31823/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/

Trust: 0.1

url:http://secunia.com/advisories/30973/

Trust: 0.1

url:http://secunia.com/advisories/product/16074/

Trust: 0.1

url:http://secunia.com/advisories/30600/

Trust: 0.1

url:http://secunia.com/binary_analysis/sample_analysis/

Trust: 0.1

url:http://secunia.com/advisories/31900/

Trust: 0.1

url:http://secunia.com/advisories/product/15128/

Trust: 0.1

sources: VULHUB: VHN-33737 // BID: 31092 // JVNDB: JVNDB-2008-001690 // PACKETSTORM: 69846 // PACKETSTORM: 70006 // CNNVD: CNNVD-200809-116 // NVD: CVE-2008-3612

CREDITS

Nicolas Seriot, Bryce Cogswell

Trust: 0.6

sources: CNNVD: CNNVD-200809-116

SOURCES

db: VULHUB, id: VHN-33737
db: BID, id: 31092
db: JVNDB, id: JVNDB-2008-001690
db: PACKETSTORM, id: 69846
db: PACKETSTORM, id: 70006
db: CNNVD, id: CNNVD-200809-116
db: NVD, id: CVE-2008-3612

LAST UPDATE DATE

2025-04-10T21:39:16.263000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-33737, date: 2011-06-20T00:00:00
db: BID, id: 31092, date: 2009-06-09T16:59:00
db: JVNDB, id: JVNDB-2008-001690, date: 2024-03-01T05:02:00
db: CNNVD, id: CNNVD-200809-116, date: 2008-11-15T00:00:00
db: NVD, id: CVE-2008-3612, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-33737, date: 2008-09-11T00:00:00
db: BID, id: 31092, date: 2008-09-09T00:00:00
db: JVNDB, id: JVNDB-2008-001690, date: 2008-09-30T00:00:00
db: PACKETSTORM, id: 69846, date: 2008-09-11T04:44:10
db: PACKETSTORM, id: 70006, date: 2008-09-16T00:07:21
db: CNNVD, id: CNNVD-200809-116, date: 2008-09-11T00:00:00
db: NVD, id: CVE-2008-3612, date: 2008-09-11T01:13:09.227