PT-2009-4655 · Apple · CoreAudio +3

Tobias Klein · Published 2009-09-10 · Updated 2022-08-09 · CVE-2009-2206

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apple iPhone OS versions prior to 3.1
Apple iPhone OS versions prior to 3.1.1 for iPod touch

Description

The issue consists of multiple heap-based buffer overflows in the AudioCodecs library within the CoreAudio component. Remote attackers can exploit it through crafted AAC or MP3 files, such as a ringtone with malformed entries in the sample size table, leading to arbitrary code execution or a denial of service (application crash).

Recommendations

For Apple iPhone OS versions prior to 3.1, update to version 3.1 or later.
For Apple iPhone OS versions prior to 3.1.1 for iPod touch, update to version 3.1.1 or later.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-2206

Affected Products

AudioCodecs
CoreAudio
iOS
iPod touch