CVE-2009-2204 Information

Description

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code obtain GPS coordinates or enable the microphone via an SMS message that triggers memory corruption as demonstrated by Charlie Miller at SyScan ‘09 Singapore.

Reference

http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html http://news.cnet.com/8301-1009_3-10278472-83.html http://secunia.com/advisories/36070 http://securitytracker.com/id?1022626 http://support.apple.com/kb/HT3754 http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf http://www.osvdb.org/55687 http://www.securityfocus.com/bid/35569 http://www.syscan.org/Sg/program.html http://www.vupen.com/english/advisories/2009/2105