ID

VAR-200906-0083


CVE

CVE-2009-1680


TITLE

Vulnerability in Safari on Apple iPhone OS that allows search history retrieval

Trust: 0.8

sources: JVNDB: JVNDB-2009-001852

DESCRIPTION

Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

Apple iPhone and iPod touch are prone to multiple vulnerabilities. Successfully exploiting these issues may allow attackers to bypass security restrictions, obtain sensitive information, or cause denial-of-service conditions.

These issues affect the following:
iPhone OS 1.0 through 2.2.1
iPhone OS for iPod touch 1.1 through 2.2.1

This BID is being retired. The following individual records have been created to better document these issues:
35433 Apple iPhone and iPod touch MPEG-4 Video Codec Denial of Service Vulnerability
35434 Apple iPhone and iPod touch Mail Client Information Disclosure Weakness
35436 Apple iPhone and iPod touch Configuration Profile Handling Information Disclosure Vulnerability
35425 Apple iPhone Call Approval Dialog Security Bypass Vulnerability
35445 Apple iPhone and iPod touch ICMP Echo Request Remote Denial of Service Vulnerability
35446 Apple iPhone and iPod touch HTMLSelectElement Denial of Service Vulnerability
35447 Apple iPhone and iPod touch Untrusted Certificate Exception Information Disclosure Vulnerability
35448 Apple iPhone and iPod touch Safari Search History Information Disclosure Vulnerability

Information harvested may aid in launching further attacks.

Trust: 2.25

sources: NVD: CVE-2009-1680 // JVNDB: JVNDB-2009-001852 // BID: 35414 // BID: 35448 // VULHUB: VHN-39126

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: eq, version: 2.0.1

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.5

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.1

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.3

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 2.1

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 2.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.2

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.4

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 2.0.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.0.0

Trust: 1.0

vendor: apple, model: ipod touch, scope: eq, version: *

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.1.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: *

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 1.0.1

Trust: 1.0

vendor: apple, model: ios, scope: eq, version: 1.0 to 2.2.1

Trust: 0.8

vendor: apple, model: ios for ipod touch, scope: eq, version: 1.1 to 2.2.1

Trust: 0.8

vendor: apple, model: ipod touch, scope: eq, version: 2.2.1

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 2.0.2

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 2.0.1

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 1.1.4

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 1.1.3

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 1.1.2

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 1.1.1

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 2.2

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 2.1

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 2.0

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 1.1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 2.2.1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 2.0.2

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 2.0.1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1.1.4

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1.1.3

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1.1.2

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1.1.1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1.0.2

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1.0.1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 2.2

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 2.1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 2.0

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1.1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 1

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.6

vendor: apple, model: ipod touch, scope: ne, version: 3.0

Trust: 0.6

vendor: apple, model: iphone, scope: ne, version: 3.0

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

sources: BID: 35414 // BID: 35448 // JVNDB: JVNDB-2009-001852 // CNNVD: CNNVD-200906-315 // NVD: CVE-2009-1680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-1680
value: LOW

Trust: 1.0

NVD: CVE-2009-1680
value: LOW

Trust: 0.8

CNNVD: CNNVD-200906-315
value: LOW

Trust: 0.6

VULHUB: VHN-39126
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2009-1680
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39126
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39126 // JVNDB: JVNDB-2009-001852 // CNNVD: CNNVD-200906-315 // NVD: CVE-2009-1680

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-39126 // JVNDB: JVNDB-2009-001852 // NVD: CVE-2009-1680

THREAT TYPE

local

Trust: 0.9

sources: BID: 35448 // CNNVD: CNNVD-200906-315

TYPE

Unknown

Trust: 0.6

sources: BID: 35414 // BID: 35448

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001852

PATCH

title: HT3639, url: http://support.apple.com/kb/HT3639

Trust: 0.8

title: HT3639, url: http://support.apple.com/kb/HT3639?viewlocale=ja_JP

Trust: 0.8

title: Apple iPhone Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203140

Trust: 0.6

sources: JVNDB: JVNDB-2009-001852 // CNNVD: CNNVD-200906-315

EXTERNAL IDS

db: BID, id: 35448

Trust: 2.8

db: NVD, id: CVE-2009-1680

Trust: 2.8

db: OSVDB, id: 55240

Trust: 2.5

db: VUPEN, id: ADV-2009-1621

Trust: 2.5

db: BID, id: 35414

Trust: 2.0

db: JVNDB, id: JVNDB-2009-001852

Trust: 0.8

db: CNNVD, id: CNNVD-200906-315

Trust: 0.6

db: VULHUB, id: VHN-39126

Trust: 0.1

sources: VULHUB: VHN-39126 // BID: 35414 // BID: 35448 // JVNDB: JVNDB-2009-001852 // CNNVD: CNNVD-200906-315 // NVD: CVE-2009-1680

REFERENCES

url:http://www.securityfocus.com/bid/35448

Trust: 2.5

url:http://osvdb.org/55240

Trust: 2.5

url:http://www.vupen.com/english/advisories/2009/1621

Trust: 2.5

url:http://support.apple.com/kb/ht3639

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html

Trust: 1.7

url:http://www.securityfocus.com/bid/35414

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1680

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1680

Trust: 0.8

url:http://www.apple.com/iphone/

Trust: 0.6

url:http://www.apple.com/ipodtouch/

Trust: 0.6

sources: VULHUB: VHN-39126 // BID: 35414 // BID: 35448 // JVNDB: JVNDB-2009-001852 // CNNVD: CNNVD-200906-315 // NVD: CVE-2009-1680

CREDITS

Oskar Lissheim-Boethius, Oliver Quas, Christian Schmitz

Trust: 0.6

sources: CNNVD: CNNVD-200906-315

SOURCES

db: VULHUB, id: VHN-39126
db: BID, id: 35414
db: BID, id: 35448
db: JVNDB, id: JVNDB-2009-001852
db: CNNVD, id: CNNVD-200906-315
db: NVD, id: CVE-2009-1680

LAST UPDATE DATE

2024-11-23T20:41:31.903000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-39126, date: 2012-03-30T00:00:00
db: BID, id: 35414, date: 2009-06-19T23:09:00
db: BID, id: 35448, date: 2009-06-19T23:29:00
db: JVNDB, id: JVNDB-2009-001852, date: 2009-08-06T00:00:00
db: CNNVD, id: CNNVD-200906-315, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2009-1680, date: 2024-11-21T01:03:04.020

SOURCES RELEASE DATE

db: VULHUB, id: VHN-39126, date: 2009-06-19T00:00:00
db: BID, id: 35414, date: 2009-06-17T00:00:00
db: BID, id: 35448, date: 2009-06-17T00:00:00
db: JVNDB, id: JVNDB-2009-001852, date: 2009-08-06T00:00:00
db: CNNVD, id: CNNVD-200906-315, date: 2009-06-19T00:00:00
db: NVD, id: CVE-2009-1680, date: 2009-06-19T16:30:00.343