Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact’s blue arrow.

Details:

SecurityTracker Alert ID: 1020763

SecurityTracker URL: http://securitytracker.com/id?1020763

CVE Reference: CVE-2008-3876

Updated: Sep 3 2008

Original Entry Date: Aug 27 2008

Impact: User access via local system

Exploit Included: Yes

Version(s): 2.0.2

Impact: A physically local user can bypass the password locking feature to obtain information from the device.
Solution: No solution was available at the time of this entry.
Vendor URL: http://www.apple.com
Cause: Access control error

Description: A vulnerability was reported in Apple iPhone. A physically local user can bypass the password locking feature to obtain information from the device. Ver 2.0.2 gives almost full access to the iPhone even while under password protection…

Steps to Reproduce

  1. Set iPhone to use passcode lock, have contacts marked as Favorites with links, phone numbers, addresses, etc in address book entry.
  2. Tap “Emergency Call” keypad from passcode entry screen.
  3. Double-tap home button.
  4. Tap blue arrow next to contact’s name.

You now have full access to applications such as Safari, complete Contacts list, SMS, Maps, “full” Phone access, and Mail by accessing various entries on the Favorite’s page, i.e. tapping their home page brings up a full, unrestricted Safari.

UPDATE:

It is reported that this activity can also be performed on iPhone 2.0.1.

Source

Source

Tags: , , ,

Leave a Reply

Gravityscan Badge