iPhone 3GS: 100 results found

About the security content of iOS 5 Software Update

CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information from a CalDAV calendar server Description: CalDAV did not check that the SSL certificate presented by the server was trusted. CVE-ID CVE-2011-3253 : Leszek Tasiemski of nSense Calendar Available for: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later, iOS 4.2.0 through 4.3.5 for iPad Impact: Viewing a maliciously crafted calendar invitation may inject script in the local domain Description: A script injection issue existed in Calendar's handling of invitation notes. This issue is addressed through improved escaping of special characters in invitation notes. This issue does not affect devices prior to iOS 4.2.0. CVE-ID CVE-2011-3254 : Rick Deacon CFNetwork Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: User's AppleID password may be logged to a local file Description: A user's AppleID password and username were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials. CVE-ID CVE-2011-3255 : Peter Quade of qdevelop CFNetwork Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. 
CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CoreFoundation Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. CVE-ID CVE-2011-0259 : Apple CoreGraphics Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. CVE-ID CVE-2011-3256 : Apple CoreMedia Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) Data Access Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An exchange mail cookie management issue could incorrectly cause data synchronization across different accounts Description: When multiple mail exchange accounts are configured which connect to the same server, a session could potentially receive a valid cookie corresponding to a different account. 
This issue is addressed by ensuring that cookies are separated across different accounts. CVE-ID CVE-2011-3257 : Bob Sielken of IBM Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar's certificates, including those issued by other authorities, are not trusted. Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Support for X.509 certificates with MD5 hashes may expose users to spoofing and information disclosure as attacks improve Description: Certificates signed using the MD5 hash algorithm were accepted by iOS. This algorithm has known cryptographic weaknesses. Further research or a misconfigured certificate authority could have allowed the creation of X.509 certificates with attacker controlled values that would have been trusted by the system. This would have exposed X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. This update disables support for an X.509 certificate with an MD5 hash for any use other than as a trusted root certificate. 
CVE-ID CVE-2011-3427 Data Security Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: An attacker could decrypt part of a SSL connection Description: Only the SSLv3 and TLS 1.0 versions of SSL were supported. These versions are subject to a protocol weakness when using block ciphers. A man-in-the-middle attacker could have injected invalid data, causing the connection to close but revealing some information about the previous data. If the same connection was attempted repeatedly the attacker may eventually have been able to decrypt the data being sent, such as a password. This issue is addressed by adding support for TLS 1.2. CVE-ID CVE-2011-3389 Home screen Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Switching between applications may lead to the disclosure of sensitive application information Description: When switching between applications with the four-finger app switching gesture, the display could have revealed the previous application state. This issue is addressed by ensuring that the system properly calls the applicationWillResignActive: method when transitioning between applications. CVE-ID CVE-2011-3431 : Abe White of Hedonic Software Inc. ImageIO Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. 
CVE-ID CVE-2011-0192 : Apple ImageIO Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies International Components for Unicode Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad Impact: Applications that use ICU may be vulnerable to an unexpected application

About the security content of iOS 6

CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. 
This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc. ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Jüri Aedla CVE-2011-3048 CVE-2011-3328 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. 
This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599 IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. 
This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Jüri Aedla Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. 
This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher. Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user’s files, this could lead to information disclosure. This issue was addressed by avoiding creation

iPhone 3GS: Wi-Fi support on models sold in China

Only certain models of iPhone 3GS originally sold in China have Wi-Fi (or WLAN) capability. The following chart identifies which iPhone 3GS models support Wi-Fi (WLAN):   iPhone 3GS (16GB and 32GB) Model A1325 iPhone 3GS (8GB) Model A1303 Supports Wi-Fi (WLAN)   ✓

About the security content of iOS 5.1 Software Update

CFNetwork Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. CVE-ID CVE-2012-0641 : Erling Ellingsen of Facebook HFS Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Mounting a maliciously crafted disk image may lead to a device shutdown or arbitrary code execution Description: An integer underflow existed with the handling of HFS catalog files. CVE-ID CVE-2012-0642 : pod2g Kernel Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. CVE-ID CVE-2012-0643 : 2012 iOS Jailbreak Dream Team libresolv Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Applications that use the libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive Passcode Lock Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen. 
CVE-ID CVE-2012-0644 : Roland Kohler of the German Federal Ministry of Economics and Technology Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Web page visits may be recorded in browser history even when Private Browsing is active Description: Safari’s Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active. CVE-ID CVE-2012-0585 : Eric Melville of American Express Siri Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: An attacker with physical access to a locked phone could get access to frontmost email message Description: A design issue existed in Siri’s lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen. CVE-ID CVE-2012-0645 VPN Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A maliciously crafted system configuration file may lead to arbitrary code execution with system privileges Description: A format string vulnerability existed in the handling of racoon configuration files. CVE-ID CVE-2012-0646 : pod2g WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to the disclosure of cookies Description: A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. 
CVE-ID CVE-2011-3887 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack Description: A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins. CVE-ID CVE-2012-0590 : Adam Barth of Google Chrome Security Team WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack Description: Multiple cross-origin issues existed in WebKit. CVE-ID CVE-2011-3881 : Sergey Glazunov CVE-2012-0586 : Sergey Glazunov CVE-2012-0587 : Sergey Glazunov CVE-2012-0588 : Jochen Eisinger of Google Chrome Team CVE-2012-0589 : Alan Austin of polyvore.com WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. 
CVE-ID CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-2833 : Apple CVE-2011-2846 : Arthur Gerkis, miaubiz CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense VCP CVE-2011-2857 : miaubiz CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2867 : Dirk Schulze CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2877 : miaubiz CVE-2011-3885 : miaubiz CVE-2011-3888 : miaubiz CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative CVE-2011-3908 : Aki Helin of OUSPG CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2012-0591 : miaubiz, and Martin Barbella CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day Initiative CVE-2012-0593 : Lei Zhang of the Chromium development community CVE-2012-0594 : Adam Klein of the Chromium development community CVE-2012-0595 : Apple CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0597 : miaubiz CVE-2012-0598 : Sergey Glazunov CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of 
Google Chrome, miaubiz, Aki Helin of OUSPG, Apple CVE-2012-0601 : Apple CVE-2012-0602 : Apple CVE-2012-0603 : Apple CVE-2012-0604 : Apple CVE-2012-0605 : Apple CVE-2012-0606 : Apple CVE-2012-0607 : Apple CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer CVE-2012-0611 : Martin Barbella using AddressSanitizer CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer

iPhone 3GS Finger Tips - Quick Start Guide

Finger Tips Quick Start Guide Welcome to iPhone. This Quick Start guide tells you how to set up your iPhone and use its key features. To start, turn on your iPhone by pressing and holding the On/Off button for a few seconds. Then follow the onscreen instructions to set up your iPhone. Button basics. To turn off or restart iPhone, press and hold the On/Off button for a few seconds, then drag the slider to confirm. To turn off the screen but still receive calls, press On/Off once

About the security content of iOS 4.3

CoreGraphics Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2010-3855 ImageIO Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0191 : Apple ImageIO Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. 
CVE-ID CVE-2011-0192 : Apple libxml Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in libxml's handling of XPath expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-4494 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences Networking Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad Impact: A server may be able to identify a device across connections Description: The IPv6 address chosen by the device contains the device's MAC address when using stateless address autoconfiguration (SLAAC). An IPv6 enabled server contacted by the device can use the address to track the device across connections. This update implements the IPv6 extension described in RFC 3041 by adding a temporary random address used for outgoing connections. Safari Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad Impact: Visiting a maliciously crafted website may cause MobileSafari to exit on launch Description: A maliciously crafted website may contain JavaScript that repeatedly causes another application on the device to launch via its URL handler. Visiting this website with MobileSafari will cause MobileSafari to exit and the target application to be launched. This sequence would continue each time MobileSafari is opened. This issue is addressed by returning to the previous page when Safari is re-opened after another application was launched via its URL handler. 
CVE-ID
CVE-2011-0158 : Nitesh Dhanjani of Ernst & Young LLP

Safari
Available for: iOS 4.0 through 4.2.1 for iPhone 3GS and later, iOS 4.0 through 4.2.1 for iPod touch (3rd generation) and later, iOS 4.2 through 4.2.1 for iPad
Impact: Clearing cookies in Safari Settings may have no effect
Description: In some circumstances, clearing cookies via Safari Settings while Safari is running has no effect. This issue is addressed through improved handling of cookies. This issue does not affect systems prior to iOS 4.0.
CVE-ID
CVE-2011-0159 : Erik Wong of Google Inc.

WebKit
Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-1792
CVE-2010-1824 : kuzzcc, and wushi of team509 working with TippingPoint's Zero Day Initiative
CVE-2011-0111 : Sergey Glazunov
CVE-2011-0112 : Yuzo Fujishima of Google Inc.
CVE-2011-0113 : Andreas Kling of Nokia
CVE-2011-0114 : Chris Evans of Google Chrome Security Team
CVE-2011-0115 : J23 working with TippingPoint's Zero Day Initiative, and Emil A Eklund of Google, Inc.
CVE-2011-0116 : an anonymous researcher working with TippingPoint's Zero Day Initiative
CVE-2011-0117 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0118 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0119 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0120 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0121 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0122 : Slawomir Blazek
CVE-2011-0123 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0124 : Yuzo Fujishima of Google Inc.
CVE-2011-0125 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0126 : Mihai Parparita of Google, Inc.
CVE-2011-0127 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0128 : David Bloom
CVE-2011-0129 : Famlam
CVE-2011-0130 : Apple
CVE-2011-0131 : wushi of team509
CVE-2011-0132 : wushi of team509 working with TippingPoint's Zero Day Initiative
CVE-2011-0133 : wushi of team509 working with TippingPoint's Zero Day Initiative
CVE-2011-0134 : Jan Tosovsky
CVE-2011-0135 : an anonymous reporter
CVE-2011-0136 : Sergey Glazunov
CVE-2011-0137 : Sergey Glazunov
CVE-2011-0138 : kuzzcc
CVE-2011-0140 : Sergey Glazunov
CVE-2011-0141 : Chris Rohlf of Matasano Security
CVE-2011-0142 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0143 : Slawomir Blazek and Sergey Glazunov
CVE-2011-0144 : Emil A Eklund of Google, Inc.
CVE-2011-0145 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0146 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0147 : Dirk Schulze
CVE-2011-0148 : Michal Zalewski of Google, Inc.
CVE-2011-0149 : wushi of team509 working with TippingPoint's Zero Day Initiative, and SkyLined of Google Chrome Security Team
CVE-2011-0150 : Michael Gundlach of safariadblock.com
CVE-2011-0151 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0152 : SkyLined of Google Chrome Security Team
CVE-2011-0153 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0154 : an anonymous researcher working with TippingPoint's Zero Day Initiative
CVE-2011-0155 : Aki Helin of OUSPG
CVE-2011-0156 : Abhishek Arya (Inferno) of Google, Inc.
CVE-2011-0157 : Benoit Jacob of Mozilla
CVE-2011-0168 : Sergey Glazunov

WebKit
Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad
Impact: HTTP Basic Authentication credentials may be inadvertently disclosed to another site
Description: If a site uses HTTP Basic Authentication and redirects to another site, the authentication credentials may be sent to the other site. This issue is addressed through improved handling of credentials.
CVE-ID
CVE-2011-0160 : McIntosh Cooey of Twelve Hundred Group, Harald Hanche-Olsen, Chuck Hohn of 1111 Internet LLC working with CERT, and Paul Hinze of Braintree

WebKit
Available for: iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad
Impact: Visiting a maliciously crafted website may lead to cross-site style declarations
Description: A cross-origin issue existed in WebKit's handling of the Attr.style accessor. Visiting a maliciously crafted website may allow the site to inject

iPhone 3GS - Important Product Information and Safety Guide

Important Product Information Guide This Important Product Information Guide contains safety and handling, regulatory, software license, and warranty information for iPhone. Look for recycling, disposal, and other environmental information in the iPhone User Guide at: support.apple.com/manuals/iphone To avoid injury, read all operating instructions and the following safety information before using iPhone. For detailed operating instructions, read the iPhone User Guide on your iPhone

About the security content of iOS 6.1 Software Update

Identity Services
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID authentication may be bypassed
Description: An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string.
CVE-ID
CVE-2013-0963

International Components for Unicode
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa

Kernel
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of kernel memory
Description: The iOS kernel has checks to validate that the user-mode pointer and length passed to the copyin and copyout functions would not result in a user-mode process being able to directly access kernel memory. The checks were not being used if the length was smaller than one page. This issue was addressed through additional validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security

Security
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates.

StoreKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user interaction
Description: If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user. This issue was addressed by not enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben Madison of BitCloud, Marek Durcek

WebKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2012-2824 : miaubiz
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team
CVE-2013-0968 : Aaron Nelson

WebKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53

WebKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov

WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation), iPad 2
Impact: A remote attacker on the same WiFi network may be able to temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's BCM4325 and BCM4329 firmware's handling of 802.11i information elements. This issue was addressed through additional validation of 802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security

I am using iPhone 3GS, iOS 61.16. I wanna download Instagram, but the newest version is not appropriate for my device. What can I do? How can I download an older version?

Older version of app for iPhone 3GS

Hi, how do I get the older version of any app on my iPhone 3GS, iOS ver 6.1.6? The current versions of apps are compatible with iOS 7 or higher. Pls suggest. Regards, Amit

Can I back up my iPhone 3GS with iOS 6.1.6 on iCloud?

Hello, I have an iPhone 3GS with iOS 6.1.6. I wanted to back it up on iCloud but it does not seem to work, and I don't have an error message telling me that backing up on iCloud was not successful... Can someone help me with that question? Thanks, Laurent

About the security content of iOS 5.0.1 Software Update

CFNetwork
Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook

CoreGraphics
Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Viewing a document containing a maliciously crafted font may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.
CVE-ID
CVE-2011-3439 : Apple

Data Security
Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.

Kernel
Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: An application may execute unsigned code
Description: A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3.
CVE-ID
CVE-2011-3442 : Charlie Miller of Accuvant Labs

libinfo
Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
Description: An issue existed in libinfo's handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result.
CVE-ID
CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of Blocket AB

Passcode Lock
Available for: iOS 4.3 through 5.0 for iPad 2
Impact: A person with physical access to a locked iPad 2 may be able to access some of the user's data
Description: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched.
CVE-ID
CVE-2011-3440

About the security content of iOS 6.1.3

dyld
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.
CVE-ID
CVE-2013-0977 : evad3rs

Kernel
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine the address of structures in the kernel
Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.
CVE-ID
CVE-2013-0978 : evad3rs

Lockdown
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
CVE-ID
CVE-2013-0979 : evad3rs

Passcode Lock
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to bypass the screen lock
Description: A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management.
CVE-ID
CVE-2013-0980 : Christopher Heffley of theMedium.ca, videosdebarraquito

USB
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code in the kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.
CVE-ID
CVE-2013-0981 : evad3rs

WebKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.
CVE-ID
CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative

About the security content of iOS 4.3.2 Software Update

Certificate Trust Policy
Available for: iOS 3.0 through 4.3.1 for iPhone 3GS and later, iOS 3.1 through 4.3.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.1 for iPad
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is addressed by blacklisting the fraudulent certificates.
Note: For Mac OS X systems, this issue is addressed with Security Update 2011-002. For Windows systems, Safari relies on the certificate store of the host operating system to determine if an SSL server certificate is trustworthy. Applying the update described in Microsoft Knowledge Base Article 2524375 will cause Safari to regard these certificates as untrusted. The article is available at http://support.microsoft.com/kb/2524375

libxslt
Available for: iOS 3.0 through 4.3.1 for iPhone 3GS and later, iOS 3.1 through 4.3.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.1 for iPad
Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap
Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap, which may aid in bypassing address space layout randomization protection. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers.
CVE-ID
CVE-2011-0195 : Chris Evans of Google Chrome Security Team

QuickLook
Available for: iOS 3.0 through 4.3.1 for iPhone 3GS and later, iOS 3.1 through 4.3.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.1 for iPad
Impact: Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-1417 : Charlie Miller and Dion Blazakis working with TippingPoint's Zero Day Initiative

WebKit
Available for: iOS 3.0 through 4.3.1 for iPhone 3GS and later, iOS 3.1 through 4.3.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.1 for iPad
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp Weinmann, and an anonymous researcher working with TippingPoint's Zero Day Initiative

WebKit
Available for: iOS 3.0 through 4.3.1 for iPhone 3GS and later, iOS 3.1 through 4.3.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.1 for iPad
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-1344 : Vupen Security working with TippingPoint's Zero Day Initiative, and Martin Barbella

iOS 4.2 Software Update

This update contains improvements, including the following:
• AirPrint
  - Print mail, photos, web pages, and more directly to AirPrint compatible printers on a local wireless network
• AirPlay
  - Wirelessly stream videos, music, and photos to Apple TV
  - Wirelessly stream music to AirPlay compatible speakers and receivers, including AirPort Express
• FaceTime improvements
  - Initiate calls with Voice Control
  - Initiate calls from an SMS conversation
  - Support for Bluetooth accessories
• Find text on the web page in Safari
• New fonts setting available for Notes
• New SMS/MMS text tones and the ability to set custom tones per contact
• Additional restrictions (parental controls) available:
  - Account settings
  - App deletion
  - Game Center friends
  - Location settings
• Ability to import .ics files into Calendar
• Bug fixes, including:
  - Eliminates sound artifacts occasionally captured in recorded audio with 4th generation iPod touch
  - Improves audio playback to car stereos via USB

Products compatible with this software update:
• iPhone 4
• iPhone 3GS
• iPhone 3G
• iPod touch 2nd generation or later

Not all improvements apply to all models. For more information, go to:
http://www.apple.com/ipodtouch/software-update/
http://www.apple.com/iphone/software-update/

For feature descriptions and complete instructions, see the user guides for iPhone and iPod touch at:
http://support.apple.com/manuals/iphone
http://support.apple.com/manuals/ipodtouch

For more information about iPhone and iPod touch, go to:
http://www.apple.com/iphone
http://www.apple.com/ipodtouch

To troubleshoot your iPhone or iPod touch, or to view additional support information go to:
http://www.apple.com/support/iphone
http://www.apple.com/support/ipodtouch

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222

This update is available via iTunes.
Note: iOS 4.2.1 is the version number displayed in the iOS user interface and iTunes.

Compatibility of Apple wired headset models with iPhone, iPad, and iPod models

Use these tables to check the compatibility of Apple wired headset models with iPhone, iPad, and iPod models. If you have a third-party headset, check with the vendor for compatibility information.

About the security content of iOS 4.3.4 Software Update

CoreGraphics
Available for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in FreeType's handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-3855

CoreGraphics
Available for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue exists in FreeType's handling of Type 1 fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-0226 : comex

IOMobileFrameBuffer
Available for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad
Impact: Malicious code running as the user may gain system privileges
Description: An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.
CVE-ID
CVE-2011-0227 : comex

About the security content of iOS 6.0.1 Software Update

Kernel
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers

Passcode Lock
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to access Passbook passes without entering a passcode
Description: A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes.
CVE-ID
CVE-2012-3750 : Anton Tsviatkou

WebKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
CVE-ID
CVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative

WebKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest

About the security content of iOS 5.1.1 Software Update

Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted website may be able to spoof the address in the location bar
Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0674 : David Vieira-Kurz of MajorSecurity (majorsecurity.net)

WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: Multiple cross-site scripting issues existed in WebKit.
CVE-ID
CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest
CVE-2011-3056 : Sergey Glazunov

WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome Security Team

iOS 4.3.3 Software Update

This update contains changes to the iOS crowd-sourced location database cache including:
• Reduces the size of the cache
• No longer backs the cache up to iTunes
• Deletes the cache entirely when Location Services is turned off

Products compatible with this software update:
• iPhone 4 (GSM model)
• iPhone 3GS
• iPad 2
• iPad
• iPod touch (4th generation)
• iPod touch (3rd generation)

This update is available via iTunes.