Critical severity9.8NVD Advisory· Published Sep 11, 2008· Updated Apr 23, 2026

CVE-2008-3612

Description

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: >=2.0.0,<=2.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce//2008/Sep/msg00003.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce//2008/Sep/msg00004.htmlnvdMailing ListVendor Advisory
secunia.com/advisories/31823nvdBroken LinkVendor Advisory
secunia.com/advisories/31900nvdBroken LinkVendor Advisory
support.apple.com/kb/HT3026nvdVendor Advisory
support.apple.com/kb/HT3129nvdVendor Advisory
www.securityfocus.com/bid/31092nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2008/2525nvdBroken LinkVendor Advisory
www.vupen.com/english/advisories/2008/2558nvdBroken LinkVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000