SecurityFocus on mobile devices for the first time?

SecurityFocus Newsletter #485 is I think the first issue of the newsletter where mobile devices are listed. 2 issues have been reported one about the iPod Touch and iPhone and the other about the Nokia 6131, both are vulnerable to remote attacks on the browser.

The interest for security on mobile browsers is yet another proof that mobile is about to take over the rest of connected-electronics.


4. Nokia 6131 Multiple Vulnerabilities
BugTraq ID: 30716
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/30716
Summary:
Nokia 6131 is prone to multiple vulnerabilities.

The device is affected by URI-spoofing and denial-of-service issues.

Remote attackers may spoof the source URI of a site to direct users to a malicious location and trigger crashes in an affected device.


23. Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
BugTraq ID: 30186
Remote: Yes
Last Updated: 2009-01-05
Relevant URL: http://www.securityfocus.com/bid/30186
Summary:
Apple iPhone and iPod touch are prone to multiple remote vulnerabilities:

1. A vulnerability that may allow users to spoof websites.
2. An information-disclosure vulnerability.
3. A buffer-overflow vulnerability.
4. Two memory-corruption vulnerabilities.

Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible.

These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4.

2 thoughts on “SecurityFocus on mobile devices for the first time?”

  1. Thanks Simone,
    you are completely right, I even remember killing the Siemens phones of some colleagues with the broken SMS messages.

    Some more research next time, before posting.

Comments are closed.