Vulnerabilities > Apple > Ipod Touch
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-19 | CVE-2009-0959 | Improper Input Validation vulnerability in Apple Iphone OS and Ipod Touch The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." | 7.1 |
2009-06-19 | CVE-2009-0958 | Information Exposure vulnerability in Apple Iphone OS and Ipod Touch Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | 4.3 |
2009-06-10 | CVE-2009-1702 | Cross-site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. | 4.3 |
2009-06-10 | CVE-2009-1701 | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. | 9.3 |
2009-06-10 | CVE-2009-1700 | Information Exposure vulnerability in Apple Safari The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | 4.3 |
2009-06-10 | CVE-2009-1698 | Code Injection vulnerability in Apple Safari WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | 9.3 |
2008-09-16 | CVE-2008-3950 | Numeric Errors vulnerability in Apple Iphone, Ipod Touch and Safari Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. | 5.0 |
2008-09-11 | CVE-2008-3632 | Resource Management Errors vulnerability in Apple Iphone, Iphone OS and Ipod Touch Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. | 9.3 |
2008-09-11 | CVE-2008-3631 | Permissions, Privileges, and Access Controls vulnerability in Apple Ipod Touch 2.0/2.0.1/2.0.2 Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. | 7.1 |