CVE-2008-4228

Name of the Vulnerable Software and Affected Versions: Apple iPhone OS versions 1.0 through 2.1 Apple iPhone OS for iPod touch versions 1.1 through 2.1

Description: The issue allows physically proximate attackers to make a phone call to an arbitrary number by leveraging the emergency-call ability of locked devices.

Recommendations: For Apple iPhone OS versions 1.0 through 2.1, consider disabling the emergency-call feature when the device is locked to prevent unauthorized access. For Apple iPhone OS for iPod touch versions 1.1 through 2.1, restrict the ability to make calls when the device is locked to minimize the risk of exploitation.