TCP Spoofing Risk in Apple iPod Touch and iPhone Devices
CVE-2008-3612

9.8CRITICAL

Key Information:

Vendor
Apple
Status
Iphone
Ipod Touch
Vendor
CVE Published:
11 September 2008

Summary

The Networking subsystem in specific versions of Apple iPod Touch and iPhone devices utilizes predictable TCP initial sequence numbers. This flaw permits remote attackers to potentially spoof or hijack TCP connections, leading to unauthorized access or interception of sensitive data. Users of affected devices are advised to apply the necessary security updates to mitigate this risk.

References

http://www.securitytracker.com/id?1020848
vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/2525
vdb-entryx_refsource_VUPEN
http://support.apple.com/kb/HT3026
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.