Apple: >> Iphone Os >> 1.1 Security Vulnerabilities
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
CVSS Score
1.2
EPSS Score
0.001
Published
2011-11-11
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-11-11
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
CVSS Score
4.3
EPSS Score
0.007
Published
2010-06-22
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
CVSS Score
1.9
EPSS Score
0.001
Published
2010-06-22
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
CVSS Score
5.0
EPSS Score
0.376
Published
2010-03-19
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.
CVSS Score
4.6
EPSS Score
0.001
Published
2010-02-03
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-09-21
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
CVSS Score
7.8
EPSS Score
0.005
Published
2009-09-10
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
CVSS Score
10.0
EPSS Score
0.187
Published
2009-08-03
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
CVSS Score
9.3
EPSS Score
0.097
Published
2009-06-10
Page 1