Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
Last Update Date:
28 Jan 2011
Release Date:
19 Jun 2009
4504
Views
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple iPhone and iPod touch, which could be exploited by atatckers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by buffer overflows, memory corruptions and use-after-free, integer overflows and underflows, uninitialized pointers, implementation and design issues, memory leaks, and input validation errors in CoreGraphics, Exchange, ImageIO, ICU, IPSec, libxml, Mail, MPEG-4 Video Codec, Profiles, Safari, Telephony, and WebKit.
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apple iPhone OS versions 1.0 through 2.2.1
- Apple iPhone OS for iPod touch versions 1.1 through 2.2.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Apple iPhone OS version 3.0.
Vulnerability Identifier
- CVE-2008-2320
- CVE-2008-3281
- CVE-2008-3529
- CVE-2008-3623
- CVE-2008-3651
- CVE-2008-3652
- CVE-2008-4225
- CVE-2008-4226
- CVE-2008-4409
- CVE-2009-0040
- CVE-2009-0145
- CVE-2009-0146
- CVE-2009-0147
- CVE-2009-0153
- CVE-2009-0155
- CVE-2009-0165
- CVE-2009-0945
- CVE-2009-0946
- CVE-2009-0958
- CVE-2009-0959
- CVE-2009-0961
- CVE-2009-1179
- CVE-2009-1679
- CVE-2009-1680
- CVE-2009-1683
- CVE-2009-1684
- CVE-2009-1685
- CVE-2009-1686
- CVE-2009-1687
- CVE-2009-1688
- CVE-2009-1689
- CVE-2009-1690
- CVE-2009-1691
- CVE-2009-1692
- CVE-2009-1693
- CVE-2009-1694
- CVE-2009-1695
- CVE-2009-1697
- CVE-2009-1698
- CVE-2009-1699
- CVE-2009-1700
- CVE-2009-1701
- CVE-2009-1702
Source
Related Link
Share with