Description
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.
Affected products
- Apple / iPhone1.0 – 1.0
- Apple / iphone_os1.0.1 – 1.0.1
- Apple / iphone_os1.0.2 – 1.0.2
References
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/36853
- VENDOR_ADVISORYhttp://docs.info.apple.com/article.html?artnum=306586
- MISChttp://www.securityfocus.com/bid/25862
- MISChttp://osvdb.org/38536
- VENDOR_ADVISORYhttp://secunia.com/advisories/26983
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/3287
- MISChttp://securitytracker.com/id?1018752