Info

Disclosure

Sep 09, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The iPod Touch Networking Subsystem contains a flaw that may allow a malicious user to spoof or hijack sessions. The issue is related to predictable initial TCP sequence numbers. It is possible that the flaw may lead to information disclosure resulting in a loss of confidentiality and integrity.

Classification

Location: Remote / Network Access
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.

iPod Touch

2.0.2

References

CVE ID: 2008-3612 (see also: NVD)
Bugtraq ID: 31092
Secunia Advisory ID: 31823 31900
Related OSVDB ID: 48043
Mail List Post: http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
Other Advisory URL: http://support.apple.com/kb/HT3129

Credit

Nicolas Seriot -
Bryce Cogswell -

Direct URL: http://osvdb.org/48044