June 18, 2009
>>

1.Overview

The “iPhone” and ”iPod touch”,70-467, which are supplied by Apple Inc., have “iPhone OS” (iPod touch has “iPhone OS for iPod touch”) embedded as their base operating system.

“iPhone OS” contains a vulnerability which may lead “iPhone OS” to a denial-of-service (DoS) condition due to a problem in processing requests made via network. If exploited, there is a possibility that the “iPhone” or “iPod touch” may cease operations in the event an external attack is experienced.

For detailed information, refer to the URL below:

For the latest information, refer to the URL below:

The IPA first received a report concerning this vulnerability through the creditee below on December 17, 2008, and the JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, made adjustments to clarify the matter with the vendor and made the announcement public on June 18, 2009.
Credit: Masaki Yoshida

2.Impact

When an external attack is experienced, “iPhone” and “iPod touch” may cease operation. As a result, there is a possibility that the “iPhone” or “iPod touch” may fall into a condition where user operations are not accepted.

3.Solution

To fix this vulnerability, update to the fixed version supplied by the vendor.

4.CVSS Severity

(1)Evaluation Result

(2) Base Score Metrics

■:Selected Values

5. Type

Contact