DDIVRT-DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal
High
October 2, 2008
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey LeBleu and r@b13$
The iPhone Configuration Web Utility allows centralized management of iPhone configuration
settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a
common web directory traversal attack. Successful exploitation will result in arbitrary read-only
file access outside of the iPhone Configuration Web Utility 1.0 web root.
Filter network traffic so that only trusted users can access the web interface.
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows
Vendor Name: Apple Inc.
Vendor Website: www.apple.com