CVE-2008-3612

Description

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Apple / iphone_os2.0.0 – 2.0.2

References

MISChttp://www.securitytracker.com/id?1020848
VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/2525
VENDOR_ADVISORYhttp://support.apple.com/kb/HT3026
VENDOR_ADVISORYhttp://support.apple.com/kb/HT3129
MAILING_LISThttp://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
VENDOR_ADVISORYhttp://secunia.com/advisories/31823
VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/2558
VENDOR_ADVISORYhttp://secunia.com/advisories/31900
MISChttp://www.securityfocus.com/bid/31092
MAILING_LISThttp://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html