CVE-2009-0960

CVE Database · CVE-2009-0960

CVE-2009-0960

· N/AModified

CVSS v3.1

N/A

EPSS

1.89%

Published

Jun 19, 2009

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.

Affected Products (33)

apple · iphone_osvulnerable

· iphone_os

References (12)

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

PatchVendor Advisory

http://support.apple.com/kb/HT3639

PatchVendor Advisory

http://www.securityfocus.com/bid/35414

http://www.securityfocus.com/bid/35434

http://www.vupen.com/english/advisories/2009/1621

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/51209

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

PatchVendor Advisory

http://support.apple.com/kb/HT3639

KEV Catalog EPSS Scores Vendors All CVEs