Computer Security
[EN] securityvulns.ru no-pyccku


Apple iPhone multiple security vulnerabilities
Published:16.11.2011
Source:
SecurityVulns ID:12037
Type:library
Threat Level:
7/10
Description:URL spoofing, memory corruption, protection bypass.
Affected:APPLE : Apple iOS 4.3
 APPLE : Apple iOS 5.0
CVE:CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.)
 CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.)
 CVE-2011-3246 (CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.)
Original documentdocumentAPPLE, APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update (16.11.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod