Vulnerabilities > Apple > iPhone OS > 1.1

DATE CVE VULNERABILITY TITLE RISK
2011-11-11 CVE-2011-3441 Information Exposure vulnerability in Apple iPhone OS
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
network
apple CWE-200
4.3
2011-11-11 CVE-2011-3440 Permissions, Privileges, and Access Controls vulnerability in Apple iPad 2 and iPhone OS
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
local
high complexity
apple CWE-264
1.2
2010-06-22 CVE-2010-1775 Race Condition vulnerability in Apple iPhone OS
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
local
apple CWE-362
1.9
2010-06-22 CVE-2010-1407 Information Exposure vulnerability in Apple iPhone OS
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
network
apple CWE-200
4.3
2010-02-03 CVE-2010-0038 Resource Management Errors vulnerability in Apple iPhone OS
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.
local
low complexity
apple CWE-399
4.6
2009-09-21 CVE-2009-3273 Cryptographic Issues vulnerability in Apple iPhone OS
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
network
low complexity
apple CWE-310
7.5
2009-09-10 CVE-2009-2815 Resource Management Errors vulnerability in Apple iPhone OS
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
network
low complexity
apple CWE-399
7.8
2009-08-03 CVE-2009-2204 Remote Code Execution vulnerability in Apple iPhone SMS Application
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
network
low complexity
apple
critical
10.0
2009-06-10 CVE-2009-1690 Resource Management Errors vulnerability in multiple products
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
network
apple google CWE-399
critical
9.3
2008-11-25 CVE-2008-4233 Unspecified vulnerability in Apple iPhone OS and Safari
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
network
high complexity
apple
2.6