Vulnerability Description
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPhone OS | 1.0.0 |
| Apple | iPod touch | All versions |
References
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html (Patch, Vendor Advisory)
- http://support.apple.com/kb/HT3639 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/35414
- http://www.securityfocus.com/bid/35434
- http://www.vupen.com/english/advisories/2009/1621 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51209
FAQ
What is CVE-2009-0960?
CVE-2009-0960 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote att...
How severe is CVE-2009-0960?
CVE-2009-0960 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0960?
Check the references section above for vendor advisories and patch information. Affected products include: Apple iPhone OS, Apple iPod touch.