Summary
Detail | | | |
---|---|---|---|
Vendor | Apple | First view | 2009-07-09 |
Product | Iphone Os | Last view | 2020-02-12 |
Version | 2.2.1 | Type | Os |
Update | - | | |
Edition | ipodtouch | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:apple:iphone_os | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.5 | 2020-02-12 | CVE-2014-8128 | LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. |
9.8 | 2016-07-21 | CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. |
9.8 | 2016-07-21 | CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. |
5.4 | 2016-07-21 | CVE-2016-4604 | Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. |
6.5 | 2016-07-21 | CVE-2016-4592 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. |
7.5 | 2016-07-21 | CVE-2016-4591 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. |
5.4 | 2016-07-21 | CVE-2016-4590 | WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
8.8 | 2016-07-21 | CVE-2016-4589 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624. |
6.5 | 2016-07-21 | CVE-2016-4587 | WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. |
6.1 | 2016-07-21 | CVE-2016-4585 | Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. |
3.1 | 2016-07-21 | CVE-2016-4583 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document. |
10 | 2015-09-18 | CVE-2015-5895 | Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. |
4.3 | 2015-08-16 | CVE-2015-3729 | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. |
5 | 2014-03-14 | CVE-2013-6835 | TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. |
4.3 | 2012-05-08 | CVE-2012-0674 | Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. |
1.2 | 2011-11-11 | CVE-2011-3440 | The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
9.3 | 2011-07-19 | CVE-2011-0226 | Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. |
6.8 | 2011-03-10 | CVE-2011-1344 | Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. |
6.8 | 2010-11-26 | CVE-2010-3832 | Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. |
6.8 | 2010-09-09 | CVE-2010-1817 | Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. |
6.8 | 2010-09-09 | CVE-2010-1815 | Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. |
6.8 | 2010-09-09 | CVE-2010-1814 | WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. |
6.8 | 2010-09-09 | CVE-2010-1813 | WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. |
6.8 | 2010-09-09 | CVE-2010-1812 | Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. |
6.8 | 2010-09-09 | CVE-2010-1811 | ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
32% (12) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
16% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
13% (5) | CWE-399 | Resource Management Errors |
5% (2) | CWE-362 | Race Condition |
5% (2) | CWE-189 | Numeric Errors |
5% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
5% (2) | CWE-20 | Improper Input Validation |
2% (1) | CWE-787 | Out-of-bounds Write |
2% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
2% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
2% (1) | CWE-284 | Access Control (Authorization) Issues |
2% (1) | CWE-254 | Security Features |
2% (1) | CWE-200 | Information Exposure |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
77013 | Apple iOS for iPad 2 Smart Cover User Data Disclosure |
73661 | FreeType t1_decoder_parse_charstrings() Function PostScript Type1 Font Handli... |
72690 | Apple Multiple Products Webkit WBR Tag Children Addition/Removal Use-after-f... |
69500 | Apple iOS Telephony on iPhone / iPad GSM Mobility Management Baseband Process... |
67934 | Apple iOS ImageIO on iPhone / iPod Crafted GIF File Overflow |
67933 | Apple iOS WebKit on iPhone / iPod Scrollbar Use-after-free Arbitrary Code Exe... |
67932 | Apple iOS WebKit on iPhone / iPod Menu Arbitrary Code Execution |
67931 | Apple iOS WebKit on iPhone / iPod HTML Object Outline Arbitrary Code Execution |
67930 | Apple iOS WebKit on iPhone / iPod Selections Use-after-free Arbitrary Code Ex... |
67929 | Apple iOS ImageIO on iPhone / iPod Crafted TIFF File Arbitrary Code Execution |
67928 | Apple iOS FaceTime on iPhone / iPod Invalid X.509 Certificate MiTM Call Redirect |
67927 | Apple iOS Accessibility Component on iPhone / iPod Location Services VoiceOve... |
67926 | Apple iOS WebKit on iPhone / iPod Inline Element Rendering Double-free Arbitr... |
65708 | Apple iOS Passcode Lock on iPhone / iPod Race Condition Initial Boot Passcod... |
65707 | Apple iOS WebKit on iPhone / iPod IFRAME Content Display Boundary Restriction... |
65706 | Apple iOS Settings Application on iPhone / iPod Wireless Network Usage Report... |
65705 | Apple iOS Safari on iPhone / iPod Accept Cookies Preference Implementation We... |
65704 | Apple iOS Passcode Lock on iPhone / iPod MobileMe Alert-based Unlock Passcode... |
65703 | Apple iOS ImageIO on iPhone / iPod Crafted JPEG File Arbitrary Code Execution |
65702 | Apple iOS CFNetwork on iPhone / iPod URL Handling Overflow |
65701 | Apple iOS Application Sandbox on iPhone / iPod Photo-library Access Restricti... |
65700 | Apple iOS WebKit on iPhone / iPod history.replaceState Method IFRAME Element ... |
65657 | Apple iTunes WebKit on Windows Unspecified Issue (2010-1387) |
57886 | Apple iPhone / iPod Touch CoreAudio AAC / MP3 File Handling Overflow |
56987 | Apple Safari WebKit Unspecified Homoglyph URL Domain Name Spoofing |
ExploitDB Exploits
id | Description |
---|---|
14967 | Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) M... |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-06 | Name : RedHat Update for freetype RHSA-2011:1085-01 File : nvt/gb_RHSA-2011_1085-01_freetype.nasl |
2012-06-05 | Name : RedHat Update for webkitgtk RHSA-2011:0177-01 File : nvt/gb_RHSA-2011_0177-01_webkitgtk.nasl |
2012-04-26 | Name : Fedora Update for freetype FEDORA-2012-5422 File : nvt/gb_fedora_2012_5422_freetype_fc15.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-09 (FreeType) File : nvt/glsa_201201_09.nasl |
2011-12-05 | Name : Fedora Update for freetype FEDORA-2011-15964 File : nvt/gb_fedora_2011_15964_freetype_fc15.nasl |
2011-12-02 | Name : Fedora Update for freetype FEDORA-2011-15956 File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl |
2011-11-11 | Name : Fedora Update for freetype FEDORA-2011-14749 File : nvt/gb_fedora_2011_14749_freetype_fc15.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2294-1 (freetype) File : nvt/deb_2294_1.nasl |
2011-09-21 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype23.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-09-07 | Name : Fedora Update for freetype FEDORA-2011-9525 File : nvt/gb_fedora_2011_9525_freetype_fc14.nasl |
2011-08-29 | Name : Apple iTunes Arbitrary Code Execution Vulnerability (Mac OS X) File : nvt/secpod_itunes_code_exec_vuln_macosx.nasl |
2011-08-12 | Name : Apple Safari Multiple Vulnerabilities - April 2011 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_apr11_macosx.nasl |
2011-08-02 | Name : Mandriva Update for freetype2 MDVSA-2011:120 (freetype2) File : nvt/gb_mandriva_MDVSA_2011_120.nasl |
2011-07-27 | Name : Ubuntu Update for freetype USN-1173-1 File : nvt/gb_ubuntu_USN_1173_1.nasl |
2011-03-07 | Name : Mandriva Update for webkit MDVSA-2011:039 (webkit) File : nvt/gb_mandriva_MDVSA_2011_039.nasl |
2011-02-18 | Name : Fedora Update for webkitgtk FEDORA-2011-1224 File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl |
2011-01-11 | Name : Fedora Update for webkitgtk FEDORA-2011-0121 File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl |
2010-11-17 | Name : FreeBSD Ports: webkit-gtk2 File : nvt/freebsd_webkit-gtk21.nasl |
2010-10-22 | Name : Ubuntu Update for webkit vulnerabilities USN-1006-1 File : nvt/gb_ubuntu_USN_1006_1.nasl |
2010-10-22 | Name : Fedora Update for webkitgtk FEDORA-2010-15982 File : nvt/gb_fedora_2010_15982_webkitgtk_fc12.nasl |
2010-10-22 | Name : Fedora Update for webkitgtk FEDORA-2010-15957 File : nvt/gb_fedora_2010_15957_webkitgtk_fc13.nasl |
2010-10-10 | Name : FreeBSD Ports: webkit-gtk2 File : nvt/freebsd_webkit-gtk20.nasl |
2010-09-22 | Name : Fedora Update for webkitgtk FEDORA-2010-14409 File : nvt/gb_fedora_2010_14409_webkitgtk_fc13.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
2014-B-0024 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0046157 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-23 | FreeType PostScript Type1 font parsing memory corruption attempt RuleID : 43677 - Type : FILE-PDF - Revision : 2 |
2017-08-23 | FreeType PostScript Type1 font parsing memory corruption attempt RuleID : 43676 - Type : FILE-PDF - Revision : 2 |
2014-01-10 | Apple Safari WebKit menu onchange memory corruption attempt RuleID : 19010 - Type : BROWSER-WEBKIT - Revision : 10 |
2014-01-10 | Apple Safari WebKit menu onchange memory corruption attempt RuleID : 19009 - Type : BROWSER-WEBKIT - Revision : 8 |
2014-01-10 | Apple Safari/Google Chrome Webkit memory corruption attempt RuleID : 19005 - Type : BROWSER-CHROME - Revision : 9 |
2014-01-10 | Apple Safari Webkit removeAllRanges use-after-free attempt RuleID : 18995 - Type : BROWSER-WEBKIT - Revision : 8 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-11-21 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-324-01.nasl - Type: ACT_GATHER_INFO |
2016-11-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-693.nasl - Type: ACT_GATHER_INFO |
2016-09-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3079-1.nasl - Type: ACT_GATHER_INFO |
2016-09-06 | Name: The remote Debian host is missing a security update. File: debian_DLA-610.nasl - Type: ACT_GATHER_INFO |
2016-09-02 | Name: The remote Fedora host is missing a security update. File: fedora_2016-d957ffbac1.nasl - Type: ACT_GATHER_INFO |
2016-08-29 | Name: The remote Fedora host is missing a security update. File: fedora_2016-4728dfe3ec.nasl - Type: ACT_GATHER_INFO |
2016-07-21 | Name: The remote device is affected by multiple vulnerabilities. File: appletv_9_2_2.nasl - Type: ACT_GATHER_INFO |
2016-07-21 | Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File: macosx_SecUpd2016-004.nasl - Type: ACT_GATHER_INFO |
2016-07-21 | Name: The remote host is missing a Mac OS X security update that fixes multiple vul... File: macosx_10_11_6.nasl - Type: ACT_GATHER_INFO |
2016-07-19 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: macosx_Safari9_1_2.nasl - Type: ACT_GATHER_INFO |
2016-07-19 | Name: The remote host contains an application that is affected by multiple vulnerab... File: itunes_12_4_2.nasl - Type: ACT_GATHER_INFO |
2016-07-19 | Name: The remote host is running an application that is affected by multiple vulner... File: itunes_12_4_2_banner.nasl - Type: ACT_GATHER_INFO |
2016-02-25 | Name: An application running on the remote host is affected by multiple remote code... File: nessus_sqlite_multiple.nasl - Type: ACT_GATHER_INFO |
2015-09-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1475-1.nasl - Type: ACT_GATHER_INFO |
2015-08-24 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1420-1.nasl - Type: ACT_GATHER_INFO |
2015-08-17 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_10_10_5.nasl - Type: ACT_GATHER_INFO |
2015-08-17 | Name: The web browser installed on the remote host is affected by multiple vulnerab... File: macosx_Safari8_0_8.nasl - Type: ACT_GATHER_INFO |
2015-08-17 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_SecUpd2015-006.nasl - Type: ACT_GATHER_INFO |
2015-07-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-476.nasl - Type: ACT_GATHER_INFO |
2015-05-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3273.nasl - Type: ACT_GATHER_INFO |
2015-05-18 | Name: The remote Debian host is missing a security update. File: debian_DLA-221.nasl - Type: ACT_GATHER_INFO |
2015-03-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-147.nasl - Type: ACT_GATHER_INFO |
2015-03-10 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-207.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_libfxt_20141107.nasl - Type: ACT_GATHER_INFO |
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO |