Vulnerabilities > Apple > Critical

DATE CVE VULNERABILITY TITLE RISK
2010-03-29 CVE-2010-1180 Code Injection vulnerability in Apple Safari
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
network
apple CWE-94
critical
 9.3
9.3
2010-03-29 CVE-2010-1179 Numeric Errors vulnerability in Apple Safari
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.
network
apple CWE-189
critical
 9.3
9.3
2010-03-29 CVE-2010-1177 Code Injection vulnerability in Apple Safari
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.
network
apple CWE-94
critical
 9.3
9.3
2010-03-29 CVE-2010-1176 Code Injection vulnerability in Apple Safari
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.
network
apple CWE-94
critical
 9.3
9.3
2010-03-25 CVE-2010-1120 Code Injection vulnerability in Apple Safari 4.0
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
network
low complexity
apple CWE-94
critical
 10.0
10
2010-03-25 CVE-2010-1119 Resource Management Errors vulnerability in Apple products
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
network
low complexity
apple microsoft CWE-399
critical
 10.0
10
2010-03-15 CVE-2010-0054 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
network
apple CWE-399
critical
 9.3
9.3
2010-03-15 CVE-2010-0053 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
network
apple CWE-399
critical
 9.3
9.3
2010-03-15 CVE-2010-0052 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html CVE-ID: CVE-2010-0052 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in WebKit's handling of callbacks for HTML elements.
network
apple CWE-399
critical
 9.3
9.3
2010-03-15 CVE-2010-0049 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
network
apple CWE-399
critical
 9.3
9.3