cvelistv5 - CVE-2008-3631

CVE-2008-3631 (GCVE-0-2008-3631)

Vulnerability from cvelistv5

Published

2008-09-10 16:00

Modified

2024-08-07 09:45

Severity ?

CWE

Summary

References

URL

Tags

	cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
	cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
	cve@mitre.org	http://secunia.com/advisories/31823
	cve@mitre.org	http://secunia.com/advisories/31900
	cve@mitre.org	http://support.apple.com/kb/HT3026
	cve@mitre.org	http://support.apple.com/kb/HT3129
	cve@mitre.org	http://www.securityfocus.com/bid/31092
	cve@mitre.org	http://www.securitytracker.com/id?1020846
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/2525
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/2558
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31823
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31900
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3026
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3129
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31092
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020846
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2525
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2558

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:18.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-2525",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2525"
          },
          {
            "name": "1020846",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020846"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3026"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3129"
          },
          {
            "name": "APPLE-SA-2008-09-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
          },
          {
            "name": "31823",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31823"
          },
          {
            "name": "ADV-2008-2558",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2558"
          },
          {
            "name": "31900",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31900"
          },
          {
            "name": "31092",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31092"
          },
          {
            "name": "APPLE-SA-2008-09-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-09-17T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-2525",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2525"
        },
        {
          "name": "1020846",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020846"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3026"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3129"
        },
        {
          "name": "APPLE-SA-2008-09-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
        },
        {
          "name": "31823",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31823"
        },
        {
          "name": "ADV-2008-2558",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2558"
        },
        {
          "name": "31900",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31900"
        },
        {
          "name": "31092",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31092"
        },
        {
          "name": "APPLE-SA-2008-09-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-2525",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2525"
            },
            {
              "name": "1020846",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020846"
            },
            {
              "name": "http://support.apple.com/kb/HT3026",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3026"
            },
            {
              "name": "http://support.apple.com/kb/HT3129",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3129"
            },
            {
              "name": "APPLE-SA-2008-09-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
            },
            {
              "name": "31823",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31823"
            },
            {
              "name": "ADV-2008-2558",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2558"
            },
            {
              "name": "31900",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31900"
            },
            {
              "name": "31092",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31092"
            },
            {
              "name": "APPLE-SA-2008-09-09",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3631",
    "datePublished": "2008-09-10T16:00:00",
    "dateReserved": "2008-08-12T00:00:00",
    "dateUpdated": "2024-08-07T09:45:18.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3631\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-11T01:13:09.930\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application.\"},{\"lang\":\"es\",\"value\":\"El Sandbox de Aplicaciones en iPod touch versi\u00f3n 2.0 hasta 2.0.2, y iPhone versi\u00f3n 2.0 hasta 2.0.2 de Apple , no a\u00edsla apropiadamente las aplicaciones de terceros, lo que permite a los atacantes leer archivos arbitrarios en una sandbox de aplicaci\u00f3n de terceros por medio de una aplicaci\u00f3n de terceros diferente.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"188712AA-31CA-4209-9042-D6E986C630A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"964F39E4-541C-4562-B915-3254FBFBB304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7600D384-9832-4451-B836-ADAF0E76755D\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31823\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31900\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3026\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3129\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/31092\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020846\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2525\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2558\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Link to patched version (v2.1) - http://www.apple.com/ipodtouch/softwareupdate.html\"}}"
  }
}

ghsa-vc9w-9m7m-hx2f

Vulnerability from github

Published

2022-05-02 00:02

Modified

2022-05-02 00:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3631"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-11T01:13:00Z",
    "severity": "HIGH"
  },
  "details": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application.",
  "id": "GHSA-vc9w-9m7m-hx2f",
  "modified": "2022-05-02T00:02:09Z",
  "published": "2022-05-02T00:02:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3631"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31823"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31900"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3026"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3129"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31092"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020846"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2525"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2558"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2008-3631

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-3631

Aliases

CVE-2008-3631

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3631",
    "description": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application.",
    "id": "GSD-2008-3631"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3631"
      ],
      "details": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application.",
      "id": "GSD-2008-3631",
      "modified": "2023-12-13T01:23:05.533429Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3631",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-2525",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2525"
          },
          {
            "name": "1020846",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020846"
          },
          {
            "name": "http://support.apple.com/kb/HT3026",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3026"
          },
          {
            "name": "http://support.apple.com/kb/HT3129",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3129"
          },
          {
            "name": "APPLE-SA-2008-09-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
          },
          {
            "name": "31823",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31823"
          },
          {
            "name": "ADV-2008-2558",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2558"
          },
          {
            "name": "31900",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31900"
          },
          {
            "name": "31092",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31092"
          },
          {
            "name": "APPLE-SA-2008-09-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3631"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31092",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31092"
            },
            {
              "name": "APPLE-SA-2008-09-09",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
            },
            {
              "name": "APPLE-SA-2008-09-12",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3129",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3129"
            },
            {
              "name": "31900",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31900"
            },
            {
              "name": "31823",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31823"
            },
            {
              "name": "http://support.apple.com/kb/HT3026",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3026"
            },
            {
              "name": "1020846",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020846"
            },
            {
              "name": "ADV-2008-2558",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2558"
            },
            {
              "name": "ADV-2008-2525",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2525"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T03:11Z",
      "publishedDate": "2008-09-11T01:13Z"
    }
  }
}

fkie_cve-2008-3631

Vulnerability from fkie_nvd

Published

2008-09-11 01:13

Modified

2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
	cve@mitre.org	http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
	cve@mitre.org	http://secunia.com/advisories/31823
	cve@mitre.org	http://secunia.com/advisories/31900
	cve@mitre.org	http://support.apple.com/kb/HT3026
	cve@mitre.org	http://support.apple.com/kb/HT3129
	cve@mitre.org	http://www.securityfocus.com/bid/31092
	cve@mitre.org	http://www.securitytracker.com/id?1020846
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/2525
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/2558
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31823
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31900
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3026
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3129
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31092
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020846
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2525
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2558

Impacted products

Vendor	Product	Version
apple	ipod_touch	2.0
apple	ipod_touch	2.0.1
apple	ipod_touch	2.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "188712AA-31CA-4209-9042-D6E986C630A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "964F39E4-541C-4562-B915-3254FBFBB304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7600D384-9832-4451-B836-ADAF0E76755D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
    },
    {
      "lang": "es",
      "value": "El Sandbox de Aplicaciones en iPod touch versi\u00f3n 2.0 hasta 2.0.2, y iPhone versi\u00f3n 2.0 hasta 2.0.2 de Apple , no a\u00edsla apropiadamente las aplicaciones de terceros, lo que permite a los atacantes leer archivos arbitrarios en una sandbox de aplicaci\u00f3n de terceros por medio de una aplicaci\u00f3n de terceros diferente."
    }
  ],
  "evaluatorSolution": "Link to patched version (v2.1) - http://www.apple.com/ipodtouch/softwareupdate.html",
  "id": "CVE-2008-3631",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-11T01:13:09.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31823"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31900"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3026"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31092"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020846"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2525"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2558"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. Apple iPod touch and iPhone are prone to multiple remote vulnerabilities: 1. A vulnerability that may allow users to spoof websites. 2. An information-disclosure vulnerability. 3. A remote code-execution vulnerability. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect versions prior to iPod touch 2.1 and iPhone 2.1. ----------------------------------------------------------------------

We have updated our website, enjoy! http://secunia.com/

TITLE: Apple iPod Touch Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA31823

VERIFY ADVISORY: http://secunia.com/advisories/31823/

CRITICAL: Highly critical

IMPACT: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, System access

WHERE:

From remote

OPERATING SYSTEM: Apple iPod touch http://secunia.com/advisories/product/16074/

DESCRIPTION: Multiple vulnerabilities have been reported in Apple iPod touch, which can be exploited by malicious applications to bypass certain security features and by malicious people to poison the DNS cache, spoof TCP connections, or potentially compromise a user's device. This can be exploited by one application to read another application's files.

2) Multiple errors exist in the included version of FreeType, which potentially can be exploited by malicious people to execute arbitrary code when accessing specially crafted font data.

For more information: SA30600

3) mDNSResponder does not provide sufficient randomization, which can be exploited to poison the DNS cache.

For more information: SA30973

4) Generation of predictable TCP initial sequence numbers can be exploited to spoof TCP connections or hijack sessions.

5) A use-after-free error in WebKit when handling CSS import statements can potentially be exploited to execute arbitrary code via a specially crafted website.

SOLUTION: Update to version 2.1.

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Nicolas Seriot of Sen:te and Bryce Cogswell. 3) The vendor credits Dan Kaminsky, IOActive.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3026

OTHER REFERENCES: SA30600: http://secunia.com/advisories/30600/

SA30973: http://secunia.com/advisories/30973/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

For more information: SA31823

An error in the handling of emergency calls has also been reported. This can be exploited to bypass the Passcode Lock feature and allows users with physical access to an iPhone to launch applications without the passcode

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0572",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v2.0 to  v2.0.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v2.0 to  v2.0.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ipod touch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipod_touch",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nicolas SeriotBryce Cogswell",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3631",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-3631",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-33756",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-3631",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-3631",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200809-126",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33756",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application. Apple iPod touch and iPhone are prone to multiple remote vulnerabilities:\n1. A vulnerability that may allow users to spoof websites. \n2. An information-disclosure vulnerability. \n3. A remote code-execution vulnerability. \nSuccessfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. \nThese issues affect versions prior to iPod touch 2.1 and iPhone  2.1. ----------------------------------------------------------------------\n\nWe have updated our website, enjoy!\nhttp://secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iPod Touch Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31823\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31823/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nHijacking, Security Bypass, Spoofing, Exposure of sensitive\ninformation, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple iPod touch\nhttp://secunia.com/advisories/product/16074/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple iPod touch,\nwhich can be exploited by malicious applications to bypass certain\nsecurity features and by malicious people to poison the DNS cache,\nspoof TCP connections, or potentially compromise a user\u0027s device. This\ncan be exploited by one application to read another application\u0027s\nfiles. \n\n2) Multiple errors exist in the included version of FreeType, which\npotentially can be exploited by malicious people to execute arbitrary\ncode when accessing specially crafted font data. \n\nFor more information:\nSA30600\n\n3) mDNSResponder does not provide sufficient randomization, which can\nbe exploited to poison the DNS cache. \n\nFor more information:\nSA30973\n\n4) Generation of predictable TCP initial sequence numbers can be\nexploited to spoof TCP connections or hijack sessions. \n\n5) A use-after-free error in WebKit when handling CSS import\nstatements can potentially be exploited to execute arbitrary code via\na specially crafted website. \n\nSOLUTION:\nUpdate to version 2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Nicolas Seriot of Sen:te and Bryce Cogswell. \n3) The vendor credits Dan Kaminsky, IOActive. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3026\n\nOTHER REFERENCES:\nSA30600:\nhttp://secunia.com/advisories/30600/\n\nSA30973:\nhttp://secunia.com/advisories/30973/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nFor more information:\nSA31823\n\nAn error in the handling of emergency calls has also been reported. \nThis can be exploited to bypass the Passcode Lock feature and allows\nusers with physical access to an iPhone to launch applications\nwithout the passcode",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3631"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "db": "BID",
        "id": "31092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "db": "PACKETSTORM",
        "id": "69846"
      },
      {
        "db": "PACKETSTORM",
        "id": "70006"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3631",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "31092",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "31823",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "31900",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1020846",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2525",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2558",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689",
        "trust": 0.8
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-09-12",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-09-09",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-33756",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69846",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70006",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "db": "BID",
        "id": "31092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "db": "PACKETSTORM",
        "id": "69846"
      },
      {
        "db": "PACKETSTORM",
        "id": "70006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "id": "VAR-200809-0572",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33756"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:59:26.809000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iPhone v2.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3129"
      },
      {
        "title": "iPod touch v2.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3026"
      },
      {
        "title": "iPod touch v2.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3026?locale=ja_JP"
      },
      {
        "title": "iPhone v2.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3129?locale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/31092"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/31823"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/31900"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht3026"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht3129"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1020846"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/2558"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2008/2525"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2525"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2558"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3631"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3631"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/31823/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30973/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/16074/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30600/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/binary_analysis/sample_analysis/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31900/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/15128/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "db": "BID",
        "id": "31092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "db": "PACKETSTORM",
        "id": "69846"
      },
      {
        "db": "PACKETSTORM",
        "id": "70006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "db": "BID",
        "id": "31092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "db": "PACKETSTORM",
        "id": "69846"
      },
      {
        "db": "PACKETSTORM",
        "id": "70006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "date": "2008-09-09T00:00:00",
        "db": "BID",
        "id": "31092"
      },
      {
        "date": "2008-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "date": "2008-09-11T04:44:10",
        "db": "PACKETSTORM",
        "id": "69846"
      },
      {
        "date": "2008-09-16T00:07:21",
        "db": "PACKETSTORM",
        "id": "70006"
      },
      {
        "date": "2008-09-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      },
      {
        "date": "2008-09-11T01:13:09.930000",
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33756"
      },
      {
        "date": "2009-06-09T16:59:00",
        "db": "BID",
        "id": "31092"
      },
      {
        "date": "2008-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      },
      {
        "date": "2008-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      },
      {
        "date": "2024-11-21T00:49:44.140000",
        "db": "NVD",
        "id": "CVE-2008-3631"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iPod touch and  iPhone of  Application Sandbox Vulnerable to reading arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001689"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-126"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-3631 (GCVE-0-2008-3631)

Vulnerability from cvelistv5

ghsa-vc9w-9m7m-hx2f

Vulnerability from github

gsd-2008-3631

Vulnerability from gsd

fkie_cve-2008-3631

Vulnerability from fkie_nvd

var-200809-0572

Vulnerability from variot

Tags

Sightings

Nomenclature