Apple · Ios · CVE-2009-2794
**Name of the Vulnerable Software and Affected Versions**
Apple iPhone OS versions prior to 3.1
Apple iPhone OS for iPod touch versions prior to 3.1.1
**Description**
The issue is related to the Exchange Support component, which does not properly implement the Maximum inactivity time lock functionality. This allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
**Recommendations**
For Apple iPhone OS versions prior to 3.1, update to version 3.1 or later to resolve the issue.
For Apple iPhone OS for iPod touch versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue.