Iphone Os

iphone_os

Vendor: Apple • 4,014 CVEs

CVEs (4,014)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-1181 1Apple 1Iphone Os Apr 29, 2026 Mar 29, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
CVE-2010-1119 1Apple 4Iphone Os Mac Os XMac Os X Server+1 more Apr 29, 2026 Mar 25, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary...Show more Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.Show less
CVE-2010-0050 4Apple CanonicalFedoraproject+1 more 5Fedora Iphone OsOpensuse+2 more Apr 29, 2026 Mar 15, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
CVE-2010-0038 1Apple 1Iphone Os Apr 29, 2026 Feb 3, 2010 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control mes...Show more Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.Show less
CVE-2009-2816 4Apple FedoraprojectGoogle+1 more 5Chrome FedoraIphone Os+2 more Apr 23, 2026 Nov 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-ori...Show more The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.Show less
CVE-2009-3273 1Apple 1Iphone Os Apr 23, 2026 Sep 21, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
CVE-2009-3271 1Apple 2Iphone Os Safari Apr 23, 2026 Sep 21, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
CVE-2009-2815 1Apple 1Iphone Os Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 7.8 HIGH· v2 The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via...Show more The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.Show less
CVE-2009-2797 2Apple Canonical 2Iphone Os Ubuntu Linux Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain...Show more The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.Show less
CVE-2009-2796 1Apple 1Iphone Os Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 2.1 LOW· v2 The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
CVE-2009-2795 1Apple 1Iphone Os Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 7.2 HIGH· v2 Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vect...Show more Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."Show less
CVE-2009-2794 1Apple 1Iphone Os Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass in...Show more The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.Show less
CVE-2009-2207 1Apple 1Iphone Os Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 2.1 LOW· v2 The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by rea...Show more The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.Show less
CVE-2009-2206 1Apple 2Iphone Os Ipod Touch Apr 23, 2026 Sep 10, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cau...Show more Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.Show less
CVE-2009-2199 1Apple 2Iphone Os Safari Apr 23, 2026 Aug 12, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URL...Show more Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.Show less
CVE-2009-2416 11Apple CanonicalDebian+8 more 19Chrome Debian LinuxEnterprise Linux+16 more Apr 23, 2026 Aug 11, 2009 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notatio...Show more Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.Show less
CVE-2009-2204 1Apple 1Iphone Os Apr 23, 2026 Aug 3, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that trigger...Show more Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.Show less
CVE-2009-1725 1Apple 3Iphone Os Ipod TouchSafari Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not pro...Show more WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.Show less
CVE-2009-1724 1Apple 3Iphone Os Ipod TouchSafari Apr 23, 2026 Jul 9, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary we...Show more Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.Show less
CVE-2009-1692 1Apple 3Iphone Os Ipod TouchSafari Apr 23, 2026 Jun 19, 2009 N/A· v4 N/A· v3 7.1 HIGH· v2 WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or devi...Show more WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.Show less

Previous 1...197 198199200 201 Next