Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Apple iPhone
Опубликовано:9 марта 2012 г.
Источник:
SecurityVulns ID:12239
Тип:удаленная
Уровень опасности:
7/10
Описание:Утечка информации, обход защиты, выход из ограниченной среды.
Затронутые продукты:APPLE : iPhone OS 5.1
CVE:CVE-2012-0646 (Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.)
 CVE-2012-0645 (Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.)
 CVE-2012-0644 (Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.)
 CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.)
 CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.)
 CVE-2012-0641 (CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.)
 CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.)
 CVE-2011-3453 (Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.)
Оригинальный текстdocumentAPPLE, APPLE-SA-2012-03-07-2 iOS 5.1 Software Update (09.03.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород