Apple Iphone vulnerabilities

CVE-2022-22592 [MEDIUM] CVE-2022-22592: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVE-2019-9536 [MEDIUM] CWE-755 CVE-2019-9536: Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate me Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

CVE-2008-4593 [LOW] CWE-200 CVE-2008-4593: Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disab Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.

CVE-2008-3950 [MEDIUM] CWE-189 CVE-2008-3950: Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit i Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of

CVE-2008-3632 [CRITICAL] CWE-399 CVE-2008-3632: Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.

CVE-2008-3876 [LOW] CWE-264 CVE-2008-3876: Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow.

CVE-2008-0034 [MEDIUM] CVE-2008-0034: Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physi Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.

CVE-2007-3753 [HIGH] CWE-20 CVE-2007-3753: Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.

CVE-2007-3755 [MEDIUM] CWE-20 CVE-2007-3755: Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make ca Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.

CVE-2007-3754 [MEDIUM] CWE-287 CVE-2007-3754: Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or i Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.