| Vulnerability Name: | CVE-2008-4593 (CCN-46062) | ||||||||
| Assigned: | 2008-10-03 | ||||||||
| Published: | 2008-10-03 | ||||||||
| Updated: | 2017-08-08 | ||||||||
| Summary: | Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N) 0.9 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-4593 Source: CCN Type: SECTRACK ID: 1021021 Apple iPhone SMS Preview Disable Feature Can By Bypassed Source: SECTRACK Type: UNKNOWN 1021021 Source: CCN Type: Apple KB HT3318 Apple Advisory Source: CCN Type: Apple Web site Apple iPhone Source: CCN Type: KarlKraft Blog Archive, 10/03/2008 Yet another iPhone Emergency Call Security Bug Source: MISC Type: UNKNOWN http://www.karlkraft.com/index.php/2008/10/03/yet-another-iphone-emergency-call-security-bug/ Source: CCN Type: OSVDB ID: 50027 Apple iPhone / iPod Touch Passcode Lock Bypass Short Message Service (SMS) Disclosure Source: XF Type: UNKNOWN apple-iphone-sms-info-disclosure(46062) Source: XF Type: UNKNOWN apple-iphone-sms-info-disclosure(46062) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||