This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2009-07-09
Product Iphone Os Last view 2020-02-12
Version 2.0.0 Type Os
Update -  
Edition ipodtouch  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:iphone_os

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2020-02-12 CVE-2014-8128

LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.

5.9 2017-08-02 CVE-2017-2278

The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

9.8 2016-07-21 CVE-2016-4610

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

9.8 2016-07-21 CVE-2016-4608

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

5.4 2016-07-21 CVE-2016-4604

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

6.5 2016-07-21 CVE-2016-4592

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.

7.5 2016-07-21 CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

5.4 2016-07-21 CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

8.8 2016-07-21 CVE-2016-4589

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.

6.5 2016-07-21 CVE-2016-4587

WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.

6.1 2016-07-21 CVE-2016-4585

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

3.1 2016-07-21 CVE-2016-4583

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

10 2015-09-18 CVE-2015-5895

Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.

4.3 2015-08-16 CVE-2015-3729

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

5 2014-03-14 CVE-2013-6835

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.

4.3 2012-05-08 CVE-2012-0674

Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

1.2 2011-11-11 CVE-2011-3440

The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.

9.3 2011-07-19 CVE-2011-0226

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

6.8 2011-03-10 CVE-2011-1344

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

6.8 2010-11-26 CVE-2010-3832

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

6.8 2010-09-09 CVE-2010-1817

Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

6.8 2010-09-09 CVE-2010-1815

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

6.8 2010-09-09 CVE-2010-1814

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.

6.8 2010-09-09 CVE-2010-1813

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.

6.8 2010-09-09 CVE-2010-1812

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.

CWE : Common Weakness Enumeration

%idName
31% (12) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (6) CWE-264 Permissions, Privileges, and Access Controls
13% (5) CWE-399 Resource Management Errors
5% (2) CWE-362 Race Condition
5% (2) CWE-189 Numeric Errors
5% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (2) CWE-20 Improper Input Validation
2% (1) CWE-787 Out-of-bounds Write
2% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
2% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (1) CWE-295 Certificate Issues
2% (1) CWE-284 Access Control (Authorization) Issues
2% (1) CWE-254 Security Features
2% (1) CWE-200 Information Exposure

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77013 Apple iOS for iPad 2 Smart Cover User Data Disclosure
73661 FreeType t1_decoder_parse_charstrings() Function PostScript Type1 Font Handli...
72690 Apple Multiple Products Webkit WBR Tag Children Addition/Removal Use-after-f...
69500 Apple iOS Telephony on iPhone / iPad GSM Mobility Management Baseband Process...
67934 Apple iOS ImageIO on iPhone / iPod Crafted GIF File Overflow
67933 Apple iOS WebKit on iPhone / iPod Scrollbar Use-after-free Arbitrary Code Exe...
67932 Apple iOS WebKit on iPhone / iPod Menu Arbitrary Code Execution
67931 Apple iOS WebKit on iPhone / iPod HTML Object Outline Arbitrary Code Execution
67930 Apple iOS WebKit on iPhone / iPod Selections Use-after-free Arbitrary Code Ex...
67929 Apple iOS ImageIO on iPhone / iPod Crafted TIFF File Arbitrary Code Execution
67928 Apple iOS FaceTime on iPhone / iPod Invalid X.509 Certificate MiTM Call Redirect
67927 Apple iOS Accessibility Component on iPhone / iPod Location Services VoiceOve...
67926 Apple iOS WebKit on iPhone / iPod Inline Element Rendering Double-free Arbitr...
65708 Apple iOS Passcode Lock on iPhone / iPod Race Condition Initial Boot Passcod...
65707 Apple iOS WebKit on iPhone / iPod IFRAME Content Display Boundary Restriction...
65706 Apple iOS Settings Application on iPhone / iPod Wireless Network Usage Report...
65705 Apple iOS Safari on iPhone / iPod Accept Cookies Preference Implementation We...
65704 Apple iOS Passcode Lock on iPhone / iPod MobileMe Alert-based Unlock Passcode...
65703 Apple iOS ImageIO on iPhone / iPod Crafted JPEG File Arbitrary Code Execution
65702 Apple iOS CFNetwork on iPhone / iPod URL Handling Overflow
65701 Apple iOS Application Sandbox on iPhone / iPod Photo-library Access Restricti...
65700 Apple iOS WebKit on iPhone / iPod history.replaceState Method IFRAME Element ...
65657 Apple iTunes WebKit on Windows Unspecified Issue (2010-1387)
57886 Apple iPhone / iPod Touch CoreAudio AAC / MP3 File Handling Overflow
56987 Apple Safari WebKit Unspecified Homoglyph URL Domain Name Spoofing

ExploitDB Exploits

id Description
14967 Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) M...

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-06-06 Name : RedHat Update for freetype RHSA-2011:1085-01
File : nvt/gb_RHSA-2011_1085-01_freetype.nasl
2012-06-05 Name : RedHat Update for webkitgtk RHSA-2011:0177-01
File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl
2012-04-26 Name : Fedora Update for freetype FEDORA-2012-5422
File : nvt/gb_fedora_2012_5422_freetype_fc15.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-09 (FreeType)
File : nvt/glsa_201201_09.nasl
2011-12-05 Name : Fedora Update for freetype FEDORA-2011-15964
File : nvt/gb_fedora_2011_15964_freetype_fc15.nasl
2011-12-02 Name : Fedora Update for freetype FEDORA-2011-15956
File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl
2011-11-11 Name : Fedora Update for freetype FEDORA-2011-14749
File : nvt/gb_fedora_2011_14749_freetype_fc15.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-09-21 Name : Debian Security Advisory DSA 2294-1 (freetype)
File : nvt/deb_2294_1.nasl
2011-09-21 Name : FreeBSD Ports: freetype2
File : nvt/freebsd_freetype23.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-09-07 Name : Fedora Update for freetype FEDORA-2011-9525
File : nvt/gb_fedora_2011_9525_freetype_fc14.nasl
2011-08-29 Name : Apple iTunes Arbitrary Code Execution Vulnerability (Mac OS X)
File : nvt/secpod_itunes_code_exec_vuln_macosx.nasl
2011-08-12 Name : Apple Safari Multiple Vulnerabilities - April 2011 (Mac OS X)
File : nvt/gb_apple_safari_mult_vuln_apr11_macosx.nasl
2011-08-02 Name : Mandriva Update for freetype2 MDVSA-2011:120 (freetype2)
File : nvt/gb_mandriva_MDVSA_2011_120.nasl
2011-07-27 Name : Ubuntu Update for freetype USN-1173-1
File : nvt/gb_ubuntu_USN_1173_1.nasl
2011-03-07 Name : Mandriva Update for webkit MDVSA-2011:039 (webkit)
File : nvt/gb_mandriva_MDVSA_2011_039.nasl
2011-02-18 Name : Fedora Update for webkitgtk FEDORA-2011-1224
File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl
2011-01-11 Name : Fedora Update for webkitgtk FEDORA-2011-0121
File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl
2010-11-17 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk21.nasl
2010-10-22 Name : Ubuntu Update for webkit vulnerabilities USN-1006-1
File : nvt/gb_ubuntu_USN_1006_1.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15982
File : nvt/gb_fedora_2010_15982_webkitgtk_fc12.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15957
File : nvt/gb_fedora_2010_15957_webkitgtk_fc13.nasl
2010-10-10 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk20.nasl
2010-09-22 Name : Fedora Update for webkitgtk FEDORA-2010-14409
File : nvt/gb_fedora_2010_14409_webkitgtk_fc13.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471
2014-B-0024 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0046157

Snort® IPS/IDS

Date Description
2017-08-23 FreeType PostScript Type1 font parsing memory corruption attempt
RuleID : 43677 - Type : FILE-PDF - Revision : 2
2017-08-23 FreeType PostScript Type1 font parsing memory corruption attempt
RuleID : 43676 - Type : FILE-PDF - Revision : 2
2014-01-10 Apple Safari WebKit menu onchange memory corruption attempt
RuleID : 19010 - Type : BROWSER-WEBKIT - Revision : 10
2014-01-10 Apple Safari WebKit menu onchange memory corruption attempt
RuleID : 19009 - Type : BROWSER-WEBKIT - Revision : 8
2014-01-10 Apple Safari/Google Chrome Webkit memory corruption attempt
RuleID : 19005 - Type : BROWSER-CHROME - Revision : 9
2014-01-10 Apple Safari Webkit removeAllRanges use-after-free attempt
RuleID : 18995 - Type : BROWSER-WEBKIT - Revision : 8

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-11-21 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-324-01.nasl - Type: ACT_GATHER_INFO
2016-11-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-693.nasl - Type: ACT_GATHER_INFO
2016-09-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3079-1.nasl - Type: ACT_GATHER_INFO
2016-09-06 Name: The remote Debian host is missing a security update.
File: debian_DLA-610.nasl - Type: ACT_GATHER_INFO
2016-09-02 Name: The remote Fedora host is missing a security update.
File: fedora_2016-d957ffbac1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote Fedora host is missing a security update.
File: fedora_2016-4728dfe3ec.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote device is affected by multiple vulnerabilities.
File: appletv_9_2_2.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_SecUpd2016-004.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X security update that fixes multiple vul...
File: macosx_10_11_6.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: macosx_Safari9_1_2.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host contains an application that is affected by multiple vulnerab...
File: itunes_12_4_2.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host is running an application that is affected by multiple vulner...
File: itunes_12_4_2_banner.nasl - Type: ACT_GATHER_INFO
2016-02-25 Name: An application running on the remote host is affected by multiple remote code...
File: nessus_sqlite_multiple.nasl - Type: ACT_GATHER_INFO
2015-09-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1475-1.nasl - Type: ACT_GATHER_INFO
2015-08-24 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1420-1.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_10_5.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The web browser installed on the remote host is affected by multiple vulnerab...
File: macosx_Safari8_0_8.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_SecUpd2015-006.nasl - Type: ACT_GATHER_INFO
2015-07-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-476.nasl - Type: ACT_GATHER_INFO
2015-05-27 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3273.nasl - Type: ACT_GATHER_INFO
2015-05-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-221.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-147.nasl - Type: ACT_GATHER_INFO
2015-03-10 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-207.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_libfxt_20141107.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO