Vulnerabilities > Apple > Iphone OS > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-11-25 CVE-2008-4231 Resource Management Errors vulnerability in Apple Iphone OS and Safari
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
network
apple CWE-399
critical
9.3
2008-10-10 CVE-2008-4211 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
network
low complexity
apple CWE-189
critical
10.0
2008-09-11 CVE-2008-3612 Use of Insufficiently Random Values vulnerability in Apple Iphone OS 2.0.0/2.0.1/2.0.2
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
network
low complexity
apple CWE-330
critical
9.8
2008-09-11 CVE-2008-3632 Resource Management Errors vulnerability in Apple Iphone, Iphone OS and Ipod Touch
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
network
apple CWE-399
critical
9.3
2007-07-23 CVE-2007-3944 Buffer Errors vulnerability in Apple Iphone OS, Safari and Webkit
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions.
network
apple CWE-119
critical
9.3