Apple iOS vulnerabilities

CVE-2012-0643 [CRITICAL] CWE-264 CVE-2012-0643: The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.

CVE-2012-0598 [CRITICAL] CWE-119 CVE-2012-0598: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute a WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

CVE-2012-0642 [CRITICAL] CWE-189 CVE-2012-0642: Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.

CVE-2011-2871 [CRITICAL] CWE-119 CVE-2011-2871: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute a WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

CVE-2012-0599 [CRITICAL] CWE-119 CVE-2012-0599: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute a WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

CVE-2012-0624 [CRITICAL] CWE-119 CVE-2012-0624: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute a WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

CVE-2012-0641 [MEDIUM] CVE-2012-0641: CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

CVE-2012-0585 [MEDIUM] CWE-264 CVE-2012-0585: The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass int The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.

CVE-2012-0644 [MEDIUM] CWE-362 CVE-2012-0644: Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate atta Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.

CVE-2012-0590 [MEDIUM] CWE-79 CVE-2012-0590: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-ass Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.

CVE-2012-0588 [MEDIUM] CVE-2012-0588: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote a Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.

CVE-2012-0589 [MEDIUM] CVE-2012-0589: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote a Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.

CVE-2012-0587 [MEDIUM] CVE-2012-0587: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote a Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.

CVE-2012-0586 [MEDIUM] CWE-79 CVE-2012-0586: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote a Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.

CVE-2012-0608 [MEDIUM] CWE-119 CVE-2012-0608: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute a WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

CVE-2012-0645 [LOW] CWE-264 CVE-2012-0645: Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice comm Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.

CVE-2011-3041 [MEDIUM] CWE-416 CVE-2011-3041: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.

CVE-2011-3039 [MEDIUM] CWE-416 CVE-2011-3039: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.

CVE-2011-3043 [MEDIUM] CWE-416 CVE-2011-3043: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.

CVE-2011-3032 [MEDIUM] CWE-416 CVE-2011-3032: Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.