| Vulnerability Name: | CVE-2008-4229 (CCN-46758) | ||||||||
| Assigned: | 2008-11-21 | ||||||||
| Published: | 2008-11-21 | ||||||||
| Updated: | 2022-08-09 | ||||||||
| Summary: | Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P) 2.7 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-362 | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-4229 Source: APPLE Type: Vendor Advisory APPLE-SA-2008-11-20 Source: OSVDB Type: UNKNOWN 50026 Source: CCN Type: SA32756 Apple iPhone / iPod touch Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 32756 Source: CCN Type: SECTRACK ID: 1021271 Apple iPhone Lets Physically Local Users Make Arbitrary Calls in Emergency Mode Source: CCN Type: Apple Web site About the security content of iPhone OS 2.2 and iPhone OS for iPod touch 2.2 Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT3318 Source: CCN Type: OSVDB ID: 50026 Apple iPhone / iPod Touch Device Restore Passcode Lock Bypass Source: BID Type: UNKNOWN 32394 Source: CCN Type: BID-32394 Apple iPhone and iPod touch Prior to Version 2.2 Multiple Vulnerabilities Source: SECTRACK Type: UNKNOWN 1021271 Source: VUPEN Type: UNKNOWN ADV-2008-3232 Source: XF Type: UNKNOWN apple-iphone-passcodelock-weak-security(46758) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||