Vulnerabilities > Apple > Iphone OS > 3.2

DATE CVE VULNERABILITY TITLE RISK
2010-09-09 CVE-2010-1811 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
network
apple CWE-119
6.8
2010-09-09 CVE-2010-1810 Unspecified vulnerability in Apple Iphone OS
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
network
apple
3.5
2010-09-09 CVE-2010-1809 Unspecified vulnerability in Apple Iphone OS
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
network
low complexity
apple
critical
10.0
2010-09-09 CVE-2010-1781 Resource Management Errors vulnerability in multiple products
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
6.8
2010-09-07 CVE-2010-3259 Information Exposure vulnerability in multiple products
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
4.3
2010-09-07 CVE-2010-3257 USE After Free vulnerability in multiple products
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
9.3
2010-08-24 CVE-2010-3116 USE After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
network
low complexity
google apple webkitgtk canonical CWE-416
critical
10.0
2010-08-19 CVE-2010-2807 Incorrect Conversion Between Numeric Types vulnerability in multiple products
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
6.8
2010-08-19 CVE-2010-2805 Improper Input Validation vulnerability in multiple products
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
6.8
2010-08-16 CVE-2010-1797 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe.
network
apple CWE-119
critical
9.3