Apple iOS 3.x < 3.1 Multiple Vulnerabilities

The remote mobile host is a using a version of Apple iOS earlier than 3.1. Such versions are potentially affected by multiple issues:

• An issue in WebKit’s handling of the parent and top objects could result in cross-site scripting attacks. (CVE-2009-1724)

• A memory corruption issue in WebKits’s handling of numeric character references. (CVE-2009-1725)

• The International Domain Name support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. (CVE-2009-2199)

• A heap buffer overflow exists in the handling of AAC or MP3 files. (CVE-2009-2206)

• Spotlight finds and allows access to deleted messages in Mail folders on the device. (CVE-2009-2207)

• The iPhone OS allows users to specify a ‘Require Passcode’ setting that may be greater than the ‘Maximum Inactivity time lock’ setting from Microsoft Exchange servers. (CVE-2009-2794)

• A heap buffer overflow exists in Recovery Mode command parsing. (CVE-2009-2795)

• When a character in a password is deleted, and the deletion is undone, the character is briefly made visible. (CVE-2009-2796)

• Safari includes the user name and password from the original URL in the referer header. (CVE-2009-2797)

• A null pointer dereference issue exists in the handling of SMS arrival notifications. (CVE-2009-2815)