The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
References
Link | Resource |
---|---|
http://support.apple.com/kb/HT3860 | Patch Vendor Advisory |
http://secunia.com/advisories/36677 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/36342 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53181 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-09-10 14:30
Updated : 2017-08-16 18:30
NVD link : CVE-2009-2794
Mitre link : CVE-2009-2794
JSON object : View
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Products Affected
apple
- iphone_os