Application Sandbox Vulnerability in Apple iPod touch and iPhone
CVE-2008-3631

Currently unrated

Key Information:

Vendor: Apple
Status: Ipod Touch
Vendor: CVE Published:; 11 September 2008

Summary

The application sandbox in Apple iPod touch (versions 2.0 through 2.0.2) and iPhone (versions 2.0 through 2.0.2) fails to adequately isolate third-party applications. This lack of proper isolation allows attackers to access arbitrary files from one third-party application's sandbox through another, creating potential exploitation avenues for sensitive data exposure.

References

http://www.vupen.com/english/advisories/2008/2525

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1020846

vdb-entryx_refsource_SECTRACK

http://support.apple.com/kb/HT3026

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Aug 12, 2008