CVE-2008-3631 - Vulnerability Details - OpenCVE

Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Ipod Touch

Configuration 1 [-]

OR	cpe:2.3:h:apple:ipod_touch:2.0:::::::*
	cpe:2.3:h:apple:ipod_touch:2.0.1:::::::*
	cpe:2.3:h:apple:ipod_touch:2.0.2:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://secunia.com/advisories/31823
http://secunia.com/advisories/31900
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://www.securityfocus.com/bid/31092
http://www.securitytracker.com/id?1020846
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2558

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-10T16:00:00

Updated: 2024-08-07T09:45:18.968Z

Reserved: 2008-08-12T00:00:00

Link: CVE-2008-3631

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-09-11T01:13:09.930

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3631

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-09-17T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-2525", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2525"}, {"name": "1020846", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020846"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3026"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3129"}, {"name": "APPLE-SA-2008-09-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"}, {"name": "31823", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31823"}, {"name": "ADV-2008-2558", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2558"}, {"name": "31900", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31900"}, {"name": "31092", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31092"}, {"name": "APPLE-SA-2008-09-09", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3631", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-2525", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2525"}, {"name": "1020846", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020846"}, {"name": "http://support.apple.com/kb/HT3026", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3026"}, {"name": "http://support.apple.com/kb/HT3129", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3129"}, {"name": "APPLE-SA-2008-09-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"}, {"name": "31823", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31823"}, {"name": "ADV-2008-2558", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2558"}, {"name": "31900", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31900"}, {"name": "31092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31092"}, {"name": "APPLE-SA-2008-09-09", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:45:18.968Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-2525", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2525"}, {"name": "1020846", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020846"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3026"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3129"}, {"name": "APPLE-SA-2008-09-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"}, {"name": "31823", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31823"}, {"name": "ADV-2008-2558", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2558"}, {"name": "31900", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31900"}, {"name": "31092", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31092"}, {"name": "APPLE-SA-2008-09-09", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3631", "datePublished": "2008-09-10T16:00:00", "dateReserved": "2008-08-12T00:00:00", "dateUpdated": "2024-08-07T09:45:18.968Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "188712AA-31CA-4209-9042-D6E986C630A5", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "964F39E4-541C-4562-B915-3254FBFBB304", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7600D384-9832-4451-B836-ADAF0E76755D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application."}, {"lang": "es", "value": "El Sandbox de Aplicaciones en iPod touch versi\u00f3n 2.0 hasta 2.0.2, y iPhone versi\u00f3n 2.0 hasta 2.0.2 de Apple , no a\u00edsla apropiadamente las aplicaciones de terceros, lo que permite a los atacantes leer archivos arbitrarios en una sandbox de aplicaci\u00f3n de terceros por medio de una aplicaci\u00f3n de terceros diferente."}], "evaluatorSolution": "Link to patched version (v2.1) - http://www.apple.com/ipodtouch/softwareupdate.html", "id": "CVE-2008-3631", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-11T01:13:09.930", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31823"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31900"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3026"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3129"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31092"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020846"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2525"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31823"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3026"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020846"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2558"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}