About the security content of iOS 4

This document describes the security content of iOS 4.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

iOS 4

  • Application Sandbox

    CVE-ID: CVE-2010-1751

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: An application may be able to infer the user's location without authorization

    Description: The Application Sandbox does not prevent applications from directly accessing the user's photo library. This may allow an application to determine visited locations without authorization. This issue is addressed by modifying the Application Sandbox to prevent direct access to the user's photo library. Credit to Zac White for reporting this issue.

  • CFNetwork

    CVE-ID: CVE-2010-1752

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Laurent OUDOT of TEHTRI-Security for reporting this issue.

  • Find My iPhone

    CVE-ID: CVE-2010-1776

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: A device with a MobileMe account configured may be remotely wiped, even if "Find My iPhone" is disabled

    Description: A user may configure their device to use MobileMe. Individual MobileMe services may be enabled or disabled via the Settings app. Disabling the "Find My iPhone" service prevents the device from being located via MobileMe, but does not prevent the phone from being wiped. An attacker with access to the password of the configured MobileMe account may be able to wipe the device. This issue is addressed by disabling remote wipe and message display when the "Find My iPhone" service is disabled on the device.

  • ImageIO

    CVE-ID: CVE-2010-0041

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

    Description: An uninitialized memory access issue exists in ImageIO's handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory initialization and additional validation of BMP images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0042

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

    Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0043

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Gus Mueller of Flying Meat for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-1753

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Processing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of JPEG images. Processing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Ladd Van Tol of Critical Path Software for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-1816

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Processing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the handling of images. Processing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Joseph Spiros of iThink Software for reporting this issue.

  • LibSystem

    CVE-ID: CVE-2009-0689

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Applications that convert untrusted data between binary floating point and text may be vulnerable to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the floating point binary to text conversion code within Libsystem. An attacker who can cause an application to convert a floating point value into a long string, or to parse a maliciously crafted string as a floating point value, may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Maksymilian Arciemowicz of SecurityReason.com for reporting this issue.

  • libxml

    CVE-ID: CVE-2009-2414, CVE-2009-2416

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Parsing maliciously crafted XML content may lead to an unexpected application termination

    Description: Multiple use after free issues exist in libxml2, the most serious of which may lead to an unexpected application termination. The issues are addressed through improved memory handling. Credit to Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. for reporting these issues.

  • Passcode Lock

    CVE-ID: CVE-2010-1754

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Remote Lock via MobileMe may not be effective in preventing access

    Description: If the device is unlocked in response to an alert, such as receiving a text message or voicemail, and MobileMe is then used to Remote Lock the device, then the next unlock of the device will have the passcode already entered. A person with physical access to the device will not require the passcode in this situation. This issue is addressed by properly clearing the passcode. Credit to Sidney San Martin of DeepTech, Inc. for reporting this issue.

  • Passcode Lock

    CVE-ID: CVE-2010-1775

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: A person with physical access to a device may be able to access the user's data

    Description: A device with a passcode set may only be paired with a computer if the device is unlocked. A race condition permits pairing for a short period after the initial boot, if the device was unlocked before powering down. If the device was shut down from a locked state, this issue does not occur. This issue is addressed through improved checking for the locked state.

  • Safari

    CVE-ID: CVE-2010-1755

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Cookies may be set by third-party sites even when the Accept Cookies preference is set to "From visited" or "Never"

    Description: An implementation issue exists in the handling of cookie preferences. Cookie preferences are not applied until Safari is restarted. Cookies may be set by third-party sites even when the Accept Cookies preference is set to "From visited" or "Never". This issue is addressed by applying the Accept Cookies preference. Credit to Jason Dent o Street Side Software for reporting this issue.

  • Safari

    CVE-ID: CVE-2010-1384

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: A maliciously crafted URL may be obfuscated, making phishing attacks more effective

    Description: Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. These URLs are often used to confuse users, which can potentially aid phishing attacks. Safari is updated to display a warning before navigating to an HTTP or HTTPS URL containing user information. Credit to Abhishek Arya of Google, Inc. for reporting this issue.

  • Safari

    CVE-ID: CVE-2009-1723

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: A maliciously crafted website may control the displayed website URL while a certificate warning is displayed

    Description: When Safari reaches a website via a 302 redirection and a certificate warning is displayed, the URL bar will contain the original website URL instead of the current website URL. This may allow a maliciously crafted website that is reached via an open redirector on a user-trusted website to control the displayed website URL while a certificate warning is displayed. This issue is addressed by returning the correct URL in the underlying CFNetwork layer. Credit to Kevin Day of Your.Org, and Jason Mueller of Indiana University for reporting this issue.

  • Settings

    CVE-ID: CVE-2010-1756

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: A user may be misled as to the actual operational wireless network

    Description: A design issue exists in the Settings application. When connected a hidden wireless network, the Settings application may incorrectly indicate another wireless network. This issue is addressed by properly displaying the active wireless network. Credit to Wilfried Teiken for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-2195

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in WebKit's parsing of floating point numbers. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. The issue is addressed through improved bounds checking. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2009-2816

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may result in unexpected actions on other websites

    Description: An issue exists in WebKit's implementation of Cross-Origin Resource Sharing. Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request to the latter server for access to the resource. WebKit includes custom HTTP headers specified by the requesting page in the preflight request. This can facilitate cross-site request forgery. This issue is addressed by removing custom HTTP headers from preflight requests. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-0544

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may result in a cross-site scripting attack

    Description: An issue in Webkit's handling of malformed URLs may result in a cross-site scripting attack when visiting a maliciously crafted website. This issue is addressed through improved handling of URLs. Credit to Michal Zalewski of Google, Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1395

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a malicious site may lead to a cross-site scripting attack

    Description: A scope management issue exists in WebKit's handling of event objects. Visiting a malicious site may lead to a cross-site scripting attack. This issue is addressed through improved handling of event objects. Credit to Gianni "gf3" Chiappetta of Runlevel6 for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0051

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

    Description: An implementation issue exists in WebKit's handling of cross-origin stylesheet requests. Visiting a maliciously crafted website may disclose the content of protected resources on another website. This issue is addressed by performing additional validation on stylesheets that are loaded during a cross-origin request.

  • WebKit

    CVE-ID: CVE-2010-1390

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a website using UTF-7 encoding may lead to a cross-site scripting attack

    Description: A canonicalization issue exists in WebKit's handling of UTF-7 encoded text. An HTML quoted string may be left unterminated, leading to a cross-site scripting attack or other issues. This issue is addressed by removing support for UTF-7 encoding in WebKit. Credit to Masahiro Yamada for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0047

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the handling of HTML object element fallback content. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0053

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the rendering of content with a CSS display property set to 'run-in'. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0050

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's handling of incorrectly nested HTML tags. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1406

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting an HTTPS site which redirects to an HTTP site may lead to an information disclosure

    Description: When WebKit is redirected from an HTTPS site to an HTTP site, the Referer header is passed to the HTTP site. This can lead to the disclosure of sensitive information contained in the URL of the HTTPS site. This issue is addressed by not passing the Referer header when an HTTPS site redirects to an HTTP site. Credit to Colin Percival of Tarsnap for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0048

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's parsing of XML documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509 working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0046

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of CSS format() arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS format() arguments. Credit to Robert Swiecki of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0052

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's handling of callbacks for HTML elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-1397

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's rendering of a selection when the layout changes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of selections. Credit to wushi&Z of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0049

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the handling of HTML elements containing right-to-left displayed text. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1393

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an information disclosure

    Description: An information disclosure issue exists in WebKit's handling of Cascading Stylesheets. If a stylesheet's HREF attribute is set to a URL that causes a redirection, scripts on the page may be able to access the redirected URL. Visiting a maliciously crafted website may lead to the disclosure of sensitive URLs on another site. This issue is addressed by returning the original URL to scripts, rather than the redirected URL.

  • WebKit

    CVE-ID: CVE-2010-0054

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's handling of HTML image elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-1119

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of attribute manipulation. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to Vincenzo Iozzo and Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative, and Michal Zalewski of Google, Inc., for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1387

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in JavaScriptCore during page transitions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

  • WebKit

    CVE-ID: CVE-2010-1400

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of caption elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of caption elements. Credit to regenrecht working with iDefense for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1409

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may allow remotely specified data to be sent to an IRC server

    Description: Common IRC service ports are not included in WebKit's port blacklist. Visiting a maliciously crafted website may allow remotely specified data to be sent to an IRC server. This may cause the server to take unintended actions on the user's behalf. This issue is addressed by adding the affected ports to WebKit's port blacklist.

  • WebKit

    CVE-ID: CVE-2010-1398

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of ordered list insertions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of list insertions. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1402

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A double free issue exists in WebKit's handling of event listeners in SVG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG images. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1394

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A design issue exists in WebKit's handling of HTML document fragments. The contents of HTML document fragments are processed before a fragment is actually added to a document. Visiting a maliciously crafted website could lead to a cross-site scripting attack if a legitimate website attempts to manipulate a document fragment containing untrusted data. This issue is addressed by ensuring that initial fragment parsing has no side effects on the document that created the fragment. Credit to Eduardo Vela Nava (sirdarckcat) of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1399

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in WebKit's handling of selection changes on form input elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of selections. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1396

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of the removal of container elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1401

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of the ':first-letter' pseudo-element in cascading stylesheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the ':first-letter' pseudo-element. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1403

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in WebKit's handling of malformed XML when rendering SVG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG images. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1404

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of SVG images with multiple 'use' elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG images. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1410

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of malformed XML in SVG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of XML in SVG images. Credit to Aki Helin of OUSPG for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1391

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may cause files to be created in arbitrary user-writable locations

    Description: A path traversal issue exists in WebKit's support for Local Storage and Web SQL databases. If accessed from an application-defined scheme containing '%2f' (/) or '%5c' (\) and '..' in the host section of the URL, a maliciously crafted website may cause database files to be created outside of the designated directory. This issue is addressed by encoding characters that may have special meaning in pathnames. This issue does not affect sites served from http: or https: schemes. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-1408

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may result in sending remotely specified data to arbitrary TCP ports

    Description: An integer truncation issue exists in WebKit's handling of requests to non-default TCP ports. Visiting a maliciously crafted website may result in sending remotely specified data to arbitrary TCP ports. This issue is addressed by ensuring that port numbers are within the valid range.

  • WebKit

    CVE-ID: CVE-2010-1392

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's rendering of HTML buttons. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to Matthieu Bonetti of VUPEN Vulnerability Research Team, and wushi of team509 working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1405

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of HTML elements with custom vertical positioning. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to Ojan Vafai of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1407

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may result in an information disclosure

    Description: An information disclosure issue exists in WebKit's handling of the 'history.replaceState' method. Within an iframe, calls to replaceState affect the parent frame even if the parent is in a separate origin. Visiting a maliciously crafted website may result in an information disclosure. This issue is addressed by restricting the operation of replaceState calls to the current frame. Credit to Darin Fisher of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1757

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Websites with embedded iframe elements may be vulnerable to user interface spoofing

    Description: Safari allows an iframe element to display content outside its boundaries, which may lead to user interface spoofing. This issue is addressed by not allowing iframe elements to display content outside their boundaries. Credit to Wayne Pan of AdMob, Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1413

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: A user's NTLM credentials may be exposed to a man in the middle attacker

    Description: In certain circumstances, WebKit may send NTLM credentials in plain text. This would allow a man in the middle attacker to view the NTLM credentials. This issue is addressed through improved handling of NTLM credentials. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-1389

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Dragging or pasting a selection may lead to a cross-site scripting attack

    Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation. Credit to Paul Stone of Context Information Security for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0544

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may result in a cross-site scripting attack

    Description: An issue in Webkit's handling of malformed URLs may result in a cross-site scripting attack when visiting a maliciously crafted website. This issue is addressed through improved handling of URLs. Credit to Michal Zalewski of Google, Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1417

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's rendering of CSS-styled HTML content with multiple :after pseudo-selectors. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved rendering of HTML content. Credit to wushi of team509 for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1414

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of the removeChild DOM method. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of child element removal. Credit to Mark Dowd of Azimuth Security for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1418

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: An input validation issue exists in WebKit's handling of the src attribute of the frame element. An attribute with a javascript scheme and leading spaces is considered valid. Visiting a maliciously crafted website could lead to a cross-site scripting attack. This update addresses the issue by properly validating frame.src before the URL is dereferenced. Credit to Sergey Glazunov for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1416

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may disclose images from other sites

    Description: A cross-site image capture issue exists in WebKit. By using a canvas with an SVG image pattern, a maliciously crafted website may load and capture an image from another website. This issue is addressed by restricting the reading of canvases that contain patterns loaded from other websites. Credit to Chris Evans of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1415

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An API abuse issue exists in WebKit's handling of libxml contexts. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of libxml context objects. Credit to Aki Helin of OUSPG for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1758

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of DOM Range objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of DOM Range objects. Credit to Yaar Schnitman of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1759

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of the Node.normalize method. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the Node.normalize method. Credit to Mark Dowd for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1761

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit’s rendering of HTML document subtrees. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved rendering of HTML document subtrees. Credit to James Robinson of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1762

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A design issue exists in the handling of HTML contained in textarea elements. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved validation of textarea elements. Credit to Eduardo Vela Nava (sirdarckcat) of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1769

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An out of bounds memory access issue exists in WebKit's handling of tables. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1774

    Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An out of bounds memory access issue exists in WebKit's handling of HTML tables. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

Published Date: