
CVSS: 4.6 | EPSS: 0% | CPEs: 16 | EXPL: 0

The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.

• http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
• http://secunia.com/advisories/36677
• http://support.apple.com/kb/HT3860
• http://www.securityfocus.com/bid/36342
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53181
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 6.8 | EPSS: 3% | CPEs: 41 | EXPL: 1

Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.

• http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
• http://secunia.com/advisories/36677
• http://support.apple.com/kb/HT3860
• http://www.securityfocus.com/archive/1/506464/100/0/threaded
• http://www.securityfocus.com/bid/36338
• http://www.securitytracker.com/id?1022869
• http://www.trapkit.de/advisories/TKADV2009-007.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53180
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 | EPSS: 0% | CPEs: 21 | EXPL: 0

The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.

• http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
• http://secunia.com/advisories/36677
• http://support.apple.com/kb/HT3860
• CWE-399: Resource Management Errors

CVSS: 5.8 | EPSS: 0% | CPEs: 74 | EXPL: 0

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

• http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html
• http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• http://secunia.com/advisories/36677
• http://secunia.com/advisories/43068
• http://support.apple.com/kb/HT3733
• http://support.apple.com/kb/HT3860
• http://www.securityfocus.com/bid/36026
• http://www.securitytracker.com/id?1022719
• http://www.vupen.com/english/advisories&#x

CVSS: 10.0 | EPSS: 23% | CPEs: 17 | EXPL: 1

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.

• http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html
• http://news.cnet.com/8301-1009_3-10278472-83.html
• http://secunia.com/advisories/36070
• http://securitytracker.com/id?1022626
• http://support.apple.com/kb/HT3754
• http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf
• http://www.osvdb.org/55687
• http://www.securityfocus.com/bid/35569
• http://www.syscan.org/Sg/program.html
• http://www.vupen.com/english/advisories/2009