CVE-2009-2794 Information

Description

The Exchange Support component in Apple iPhone OS before 3.1 and iPhone OS before 3.1.1 for iPod touch does not properly implement the \Maximum inactivity time lock\ functionality which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.

Reference

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html http://secunia.com/advisories/36677 http://support.apple.com/kb/HT3860 http://www.securityfocus.com/bid/36342 https://exchange.xforce.ibmcloud.com/vulnerabilities/53181