PT-2009-4163 · Microsoft+1 · Exchange Activesync+1
Published: 2009-06-19 · Updated: 2022-08-09 · CVE-2009-1679
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Apple iPhone OS versions 1.0 through 2.2.1
iPhone OS for iPod touch versions 1.1 through 2.2.1
Description:
The Profiles component, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy. This allows physically proximate attackers to bypass the intended policy.
Recommendations:
For Apple iPhone OS versions 1.0 through 2.2.1, consider disabling the installation of configuration profiles until a patch is available.
For iPhone OS for iPod touch versions 1.1 through 2.2.1, restrict the use of Exchange ActiveSync to minimize the risk of exploitation.
Affected Products:
Exchange ActiveSync
iOS