Vulnerabilities > Apple > Iphone OS > 1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-11-11 | CVE-2011-3441 | Information Exposure vulnerability in Apple Iphone OS libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | 4.3 |
2011-11-11 | CVE-2011-3440 | Permissions, Privileges, and Access Controls vulnerability in Apple Ipad2 and Iphone OS The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | 1.2 |
2010-06-22 | CVE-2010-1775 | Race Condition vulnerability in Apple Iphone OS Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. | 1.9 |
2010-06-22 | CVE-2010-1407 | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. | 4.3 |
2010-02-03 | CVE-2010-0038 | Resource Management Errors vulnerability in Apple Iphone OS Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. | 4.6 |
2009-09-21 | CVE-2009-3273 | Cryptographic Issues vulnerability in Apple Iphone OS iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | 7.5 |
2009-09-10 | CVE-2009-2815 | Resource Management Errors vulnerability in Apple Iphone OS The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. | 7.8 |
2009-08-03 | CVE-2009-2204 | Remote Code Execution vulnerability in Apple iPhone SMS Application Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. | 10.0 |
2009-06-10 | CVE-2009-1690 | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | 9.3 |
2008-11-25 | CVE-2008-4233 | Unspecified vulnerability in Apple Iphone OS and Safari Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. | 2.6 |