Published:2009/06/18  Last Updated:2009/06/18

iPhone OS denial of service (DoS) vulnerability


iPhone OS from Apple contains a denial of service (DoS) vulnerability.

Products Affected

  • iPhone OS 1.0 to 2.2.1
  • iPhone OS for iPod touch 1.1 to 2.2.1


iPhone OS from Apple contains a denial of service (DoS) vulnerability.


A remote attacker could possibly cause a denial of service (DoS) attack by sending a specially crafted packet.


Update the software
Update to latest version according to the information provided by Apple.


  1. IPA
    Security Alert for Vulnerability in iPhone OS

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2009.06.18

Measures Conditions Severity
Access Required Routed - can be attacked over the Internet using packets
  • High
Authentication None - anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required None - the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Medium-High

Description of each analysis measures


Masaki Yoshida reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2009-1683
JVN iPedia JVNDB-2009-000040

Update History