Vulnerability Description
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPhone OS | < 3.1 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html (Mailing List, Patch, Vendor Advisory)
- http://secunia.com/advisories/36677 (Vendor Advisory)
- http://support.apple.com/kb/HT3860 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/36341 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53183 (VDB Entry)
FAQ
What is CVE-2009-2795?
CVE-2009-2795 is a vulnerability with a CVSS score of 7.2 (HIGH). Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arb...
How severe is CVE-2009-2795?
CVE-2009-2795 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2795?
Check the references section above for vendor advisories and patch information. Affected products include: Apple iPhone OS.