9 matches found
CVE-2022-22592
CVE-2022-22592 is a WebKit/WebKitGTK logic issue (state management) that may allow malicious web content to bypass or prevent enforcement of Content Security Policy. In the connected advisories, the vulnerability is cited across multiple ecosystems: Apple platforms (WebKit/WebKitGPU stack) with f...
CVE-2008-3632
CVE-2008-3632 is a WebKit use-after-free vulnerability reported in SUSE/Nessus entries, affecting Apple iPod touch (1.1–2.0.2) and iPhone (1.0–2.0.2). The flaw arises in the CSS import handling of WebKit, enabling a remote attacker to trigger arbitrary code execution or cause an application crash...
CVE-2008-0034
The set of connected sources provides concrete details for CVE-2008-0034: Apple iPhone 1.0–1.1.2 Passcode Lock can be bypassed by a user with physical access through emergency-call handling, allowing execution of applications without entering the passcode. The affected software is the iPhone’s Pa...
CVE-2008-3950
The CVE is based on a real DoS vulnerability in WebKit used by Safari on iPhone/iPod touch (versions 1.1.4 and 2.0). The issue is an off-by-one in _web_drawInRect:withFont:ellipsis:alignment:measureOnly: triggered by a crafted alert() string with a length that is a multiple of the 4096-byte memor...
CVE-2007-3753
CVE-2007-3753 affects Apple iPhone 1.1.1 with Bluetooth enabled. The issue arises in the Bluetooth SDP packet handling, where insufficient input validation allows a physically proximate attacker to terminate the affected application (DoS) and potentially execute arbitrary code. The vulnerability ...
CVE-2007-3755
The CVE-2007-3755 issue affects the Apple iPhone’s Mail client (around v1.1.1) where embedded tel: links can trigger phone calls without user confirmation. The root cause is processing tel: hyperlinks in the Mail client that allows remote user-assisted attackers to cause the device to dial arbitr...
CVE-2008-4593
Summary: CVE-2008-4593 (Apple iPhone OS 1.0–2.1 / iPod touch 1.1–2.1) allows physically proximate attackers to view sensitive SMS content by exploiting the Emergency Call screen when Passcode is required and SMS Preview is off. The linked documents (CVE-2008-4230, PRION/N) describe the same issue...
CVE-2007-3754
CVE-2007-3754 : The Apple iPhone Mail client in iPhone OS 1.1.1 does not warn users when the mail server identity changes or is untrusted while using SSL, which could enable a remote attacker to perform a MITM, stealing credentials and reading email. The available connected sources confirm the af...
CVE-2008-3876
CVE-2008-3876 affects Apple iPhone 2.0.2. In certain configurations, an attacker physically proximate can bypass intended access restrictions and either obtain sensitive information or make arbitrary use of the device by performing an Emergency Call tap, a Home double-tap, and then tapping a cont...