Unrated severityNVD Advisory· Published Aug 3, 2009· Updated Jun 16, 2026
CVE-2009-2204
CVE-2009-2204
Description
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=3.0
- cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
- (no CPE)range: <3.0.1
Patches
Vulnerability mechanics
References
10- securitytracker.com/idnvdPatch
- www.vupen.com/english/advisories/2009/2105nvdPatchVendor Advisory
- www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdfnvdExploit
- secunia.com/advisories/36070nvdVendor Advisory
- support.apple.com/kb/HT3754nvdVendor Advisory
- lists.apple.com/archives/security-announce/2009/Jul/msg00001.htmlnvd
- news.cnet.com/8301-1009_3-10278472-83.htmlnvd
- www.osvdb.org/55687nvd
- www.securityfocus.com/bid/35569nvd
- www.syscan.org/Sg/program.htmlnvd
News mentions
0No linked articles in our index yet.