Page 6 of 31 results (0.008 seconds)

CVSS: 2.6EPSS: 2%CPEs: 16EXPL: 0

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1; no aísla el diálogo de aceptar llamadas (call-approval) del proceso de lanzamiento de nuevas aplicaciones, esto permite a atacantes remotos realizar llamadas de teléfono de su elección a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50030 http://secunia.com/advisories/32756 http://securitytracker.com/id?1021264 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.vupen.com/english/advisories/2008/3232 •

CVSS: 3.7EPSS: 0%CPEs: 15EXPL: 0

Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. Condición de carrera en la funcionalidad Passcode Lock de Apple Iphone OS v2.0 hasta v2.1 e iPhone OS para iPod touch v2.0 hasta v2.1, permite a atacantes físicamente próximos eliminar el bloqueo y lanzar aplicaciones de su elección al restaurar el dispositivo desde una copia de seguridad. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50026 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021271 http://www.vupen.com/english/advisories/2008/3232 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 3.6EPSS: 0%CPEs: 15EXPL: 0

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. La funcionalidad de bloqueo del terminal (Passcode Lock) en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1 permite a atacantes con acceso físico aprovechar la llamada de emergencia en dispositivos bloqueados hacer una llamada de teléfono a un número de se elección. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50025 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021271 http://www.vupen.com/english/advisories/2008/3232 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0

Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. El sistema operativo Apple iPhone desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod Touch desde la v1.0 hasta la v2.1 cambian el nivel de cifrado de las conexiones VPN PPTP a un nivel mas bajo del que fue usado previamente, lo cual facilita a atacantes remotos obtener información sensible o secuestras una conexión mediante el descifrado del trafico de red. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50024 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021269 http://www.vupen.com/english/advisories/2008/3232 • CWE-310: Cryptographic Issues •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. El Sandbox de Aplicaciones en iPod touch versión 2.0 hasta 2.0.2, y iPhone versión 2.0 hasta 2.0.2 de Apple , no aísla apropiadamente las aplicaciones de terceros, lo que permite a los atacantes leer archivos arbitrarios en una sandbox de aplicación de terceros por medio de una aplicación de terceros diferente. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://secunia.com/advisories/31823 http://secunia.com/advisories/31900 http://support.apple.com/kb/HT3026 http://support.apple.com/kb/HT3129 http://www.securityfocus.com/bid/31092 http://www.securitytracker.com/id?1020846 http://www.vupen.com/english/advisories/2008/2525 http://www.vupen.com/english/advisories/2008/2558 • CWE-264: Permissions, Privileges, and Access Controls •