Vulnerabilities > Apple > Iphone OS

DATE CVE VULNERABILITY TITLE RISK
2007-09-27 CVE-2007-3755 Improper Input Validation vulnerability in Apple Iphone and Iphone OS
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.
network
apple CWE-20
4.3
2007-09-27 CVE-2007-3754 Improper Authentication vulnerability in Apple Iphone and Iphone OS
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
network
apple CWE-287
4.3
2007-09-27 CVE-2007-3753 Improper Input Validation vulnerability in Apple Iphone and Iphone OS
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.
network
low complexity
apple CWE-20
7.5
2007-07-23 CVE-2007-3944 Buffer Errors vulnerability in Apple Iphone OS, Safari and Webkit
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions.
network
apple CWE-119
critical
9.3
2007-06-25 CVE-2007-2400 Race Condition vulnerability in Apple Iphone OS and Safari
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
network
apple CWE-362
4.3