CVE-2009-0961

critical

Description

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51210

http://www.vupen.com/english/advisories/2009/1621

http://www.securityfocus.com/bid/35414

http://support.apple.com/kb/HT3639

http://osvdb.org/55238

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Details

Source: Mitre, NVD

Published: 2009-06-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04263