CVE-2009-1683
https://notcve.org/view.php?id=CVE-2009-1683
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." El componente Telephony en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicializar el dispositivo) mediante una petición de eco ICMP manipulada, disparando un error de aserción relacionado con un "elemento lógico". • http://jvn.jp/en/jp/JVN87239696/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.vupen.com/english/advisories/2009/1621 •
CVE-2009-0959
https://notcve.org/view.php?id=CVE-2009-0959
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." El codificador de vídeo MPEG-4 en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicialización de dispositivo) mediante un fichero de vídeo MPEG-4 manipulado que dispara un "evento de validación de entrada". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55237 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35433 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51211 • CWE-20: Improper Input Validation •
CVE-2009-1679
https://notcve.org/view.php?id=CVE-2009-1679
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. El componente Profiles en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1, cuando instalan un perfil de configuración, puede reemplazar la política de contraseña desde Exchange ActiveSync por una política de contraseña débil, permitiendo a atacantes próximos físicamente eludir la política prevista. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55239 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35436 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51212 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-0960
https://notcve.org/view.php?id=CVE-2009-0960
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. El componente Mail en iPhone OS versiones 1.0 hasta 2.2.1 y iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, de Apple, no proporciona una opción para deshabilitar la carga remota de imágenes en el correo electrónico HTML, lo que permite a los atacantes remotos determinar la dirección del dispositivo y cuando se lee un correo electrónico por medio de un correo electrónico HTML que contiene una URL de imagen. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35434 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51209 •
CVE-2009-0961 – Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass
https://notcve.org/view.php?id=CVE-2009-0961
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. El componente Mail en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 descarta el dialogo de aprobación de llamada cuando aparece otra alerta, pudiendo permitir a atacantes remotos forzar al iPhone hacer una llamada sin la aprobación del usuario al causar que una aplicación dispare una alerta. • https://www.exploit-db.com/exploits/33044 https://www.exploit-db.com/exploits/33045 https://www.exploit-db.com/exploits/33046 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55238 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51210 •