Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact’s blue arrow.
Details:
SecurityTracker Alert ID: 1020763
SecurityTracker URL: http://securitytracker.com/id?1020763
CVE Reference: CVE-2008-3876
Updated: Sep 3 2008
Original Entry Date: Aug 27 2008
Impact: User access via local system
Exploit Included: Yes
Version(s): 2.0.2
Impact: A physically local user can bypass the password locking feature to obtain information from the device.
Solution: No solution was available at the time of this entry.
Vendor URL: http://www.apple.com
Cause: Access control error
Description: A vulnerability was reported in Apple iPhone. A physically local user can bypass the password locking feature to obtain information from the device. Ver 2.0.2 gives almost full access to the iPhone even while under password protection…
Steps to Reproduce
- Set iPhone to use passcode lock, have contacts marked as Favorites with links, phone numbers, addresses, etc in address book entry.
- Tap “Emergency Call” keypad from passcode entry screen.
- Double-tap home button.
- Tap blue arrow next to contact’s name.
You now have full access to applications such as Safari, complete Contacts list, SMS, Maps, “full” Phone access, and Mail by accessing various entries on the Favorite’s page, i.e. tapping their home page brings up a full, unrestricted Safari.
UPDATE:
It is reported that this activity can also be performed on iPhone 2.0.1.