
iPhone OS

[ MDVSA-2010:027 ] kdelibs4

 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL
 pointer. (CVE-2009-1687).

[ MDVSA-2009:330 ] kdelibs

 crash) or possibly have unspecified other impact via a large precision
 value in the format argument to a printf function, related to an
 array overrun. (CVE-2009-0689)
 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL
 pointer. (CVE-2009-1687)

Re: iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>>        
>> -----------------------------
>>

[GSEC-TZO-45-2009] iPhone remote code execution

BID       : 35318
Credit    : http://support.apple.com/kb/HT3639
Discovered by : Thierry Zoller

Affected products :
- iPhone OS 1.x through 2.2.1
- iPhone OS for iPod touch 1.x through 2.2.1

I. Background
¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "

iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

-----------------------------

Fix:

   iPhone OS 2.2
   iPhone OS 2.2.1
   iPhone OS 3.0
        
-----------------------------


Re: iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

>>>
>>> -----------------------------
>>>
>>> Fix:
>>>
>>>   iPhone OS 2.2
>>>   iPhone OS 2.2.1
>>>   iPhone OS 3.0
>>>    
>>> -----------------------------
>>>

Re: iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

>
>-----------------------------
>
>Fix:
>
>   iPhone OS 2.2
>   iPhone OS 2.2.1
>   iPhone OS 3.0
>    
>-----------------------------
>

[MajorSecurity-SA-2012-014] Apple Safari on iOS 5.1 - Address bar spoofing vulnerability

Apple Mobile Safari on iOS 5.1
Prior versions may also be affected

The affected version produced the following user-agent header
==========================
Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3

Testing environment
==========================
The proof of concept has been tested on an iPhone4, iPhone4S, iPad2 and iPad3 running iOS 5.1



