Details of VAR-201009-0250

ID

VAR-201009-0250

CVE

CVE-2010-1809

TITLE

iPhone and iPod touch Run on Apple iOS of Accessibility Component vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-002080

DESCRIPTION

The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. Successful exploits may result in a false sense of security. NOTE: This issue was previously discussed in BID 43070 (Apple iPhone/iPod touch Prior to iOS 4.1 Multiple Vulnerabilities) but has been given its own record to better document it. The vulnerability has unspecified impact and attack vectors

Trust: 1.98

sources: NVD: CVE-2010-1809 // JVNDB: JVNDB-2010-002080 // BID: 43075 // VULHUB: VHN-44414

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	4.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	3.0 to 4.0.2 (iphone 3gs after )	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	3.0 to 4.0.2 (ipod touch (3rd generation) after )	Trust: 0.8
vendor:	apple	model:	iphone	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	4.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	iphone ipad	scope:	eq	version:	3.2.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.2-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.3-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1.2-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.1-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0.1-	Trust: 0.3
vendor:	apple	model:	iphone ipodtouch	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone iphone	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	4.1	Trust: 0.3

sources: BID: 43075 // JVNDB: JVNDB-2010-002080 // CNNVD: CNNVD-201009-059 // NVD: CVE-2010-1809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1809
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-1809
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201009-059
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-44414
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-1809
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-44414
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44414 // JVNDB: JVNDB-2010-002080 // CNNVD: CNNVD-201009-059 // NVD: CVE-2010-1809

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-1809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201009-059

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201009-059

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002080

PATCH

title:	HT4334	url:	http://support.apple.com/kb/HT4334	Trust: 0.8
title:	HT4334	url:	http://support.apple.com/kb/HT4334?viewlocale=ja_JP	Trust: 0.8
title:	Apple iOS Accessibility Fixes for Unknown Vulnerabilities in Components	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203173	Trust: 0.6

sources: JVNDB: JVNDB-2010-002080 // CNNVD: CNNVD-201009-059

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1809	Trust: 2.8
db:	XF	id:	61694	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-002080	Trust: 0.8
db:	CNNVD	id:	CNNVD-201009-059	Trust: 0.7
db:	BID	id:	43075	Trust: 0.4
db:	VULHUB	id:	VHN-44414	Trust: 0.1

sources: VULHUB: VHN-44414 // BID: 43075 // JVNDB: JVNDB-2010-002080 // CNNVD: CNNVD-201009-059 // NVD: CVE-2010-1809

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010//sep/msg00002.html	Trust: 1.7
url:	http://support.apple.com/kb/ht4334	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/61694	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1809	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/61694	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu407599	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1809	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-44414 // BID: 43075 // JVNDB: JVNDB-2010-002080 // CNNVD: CNNVD-201009-059 // NVD: CVE-2010-1809

CREDITS

Robin Kipp of Forever Living Products Europe

Trust: 0.3

sources: BID: 43075

SOURCES

db:	VULHUB	id:	VHN-44414
db:	BID	id:	43075
db:	JVNDB	id:	JVNDB-2010-002080
db:	CNNVD	id:	CNNVD-201009-059
db:	NVD	id:	CVE-2010-1809

LAST UPDATE DATE

2024-11-23T22:19:05.656000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-44414	date:	2018-11-16T00:00:00
db:	BID	id:	43075	date:	2010-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2010-002080	date:	2010-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201009-059	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2010-1809	date:	2024-11-21T01:15:14.437

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-44414	date:	2010-09-09T00:00:00
db:	BID	id:	43075	date:	2010-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2010-002080	date:	2010-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201009-059	date:	2010-09-13T00:00:00
db:	NVD	id:	CVE-2010-1809	date:	2010-09-09T22:00:01.517