Vulnerabilities > Apple > Iphone OS > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-18 | CVE-2010-1387 | Resource Management Errors vulnerability in Apple Itunes Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. | 9.3 |
| 2010-03-25 | CVE-2010-1119 | Resource Management Errors vulnerability in Apple products Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | 10.0 |
| 2010-03-15 | CVE-2010-0050 | Use After Free vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | 8.8 |
| 2010-02-03 | CVE-2010-0038 | Resource Management Errors vulnerability in Apple Iphone OS Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. | 4.6 |
| 2009-11-13 | CVE-2009-2816 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | 6.8 |
| 2009-09-21 | CVE-2009-3273 | Cryptographic Issues vulnerability in Apple Iphone OS iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | 7.5 |
| 2009-09-10 | CVE-2009-2815 | Resource Management Errors vulnerability in Apple Iphone OS The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. | 7.8 |
| 2009-09-10 | CVE-2009-2797 | Information Exposure vulnerability in multiple products The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. | 5.0 |
| 2009-09-10 | CVE-2009-2796 | Information Exposure vulnerability in Apple Iphone OS 3.0/3.0.1 The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | 2.1 |
| 2009-09-10 | CVE-2009-2795 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing." | 7.2 |