PT-2009-3541 · Apple+1 · Ios+1
Si Brindley
·
Published
2009-06-19
·
Updated
2022-08-09
·
CVE-2009-0959
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Apple iPhone OS versions 1.0 through 2.2.1
Apple iPhone OS for iPod touch versions 1.1 through 2.2.1
Description
The issue is related to the MPEG-4 video codec, which allows remote attackers to cause a denial of service, resulting in a device reset. This is achieved through a crafted MPEG-4 video file that triggers an input validation issue.
Recommendations
For Apple iPhone OS versions 1.0 through 2.2.1, update to a version outside of this range to resolve the issue.
For Apple iPhone OS for iPod touch versions 1.1 through 2.2.1, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider avoiding the use of the MPEG-4 video codec until a patch is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mpeg-4
Ios