Use-After-Free Vulnerability in WebKit of Apple iPod Touch and iPhone Devices
CVE-2008-3632

Currently unrated

Key Information:

Vendor: Apple
Status: Iphone; Ipod Touch; iPhone OS
Vendor: CVE Published:; 11 September 2008

What is CVE-2008-3632?

A use-after-free vulnerability exists in the WebKit component of Apple's iPod touch and iPhone devices running versions 1.1 through 2.0.2. This vulnerability can be exploited by remote attackers through specially crafted web pages featuring malicious Cascading Style Sheets (CSS) import statements. Exploitation may lead to arbitrary code execution or result in application crashes, impacting user experience and device security.

References

http://secunia.com/advisories/32860

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/2525

vdb-entryx_refsource_VUPEN

http://lists.apple.com/archives/security-announce/2009/ju...

vendor-advisoryx_refsource_APPLE

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2008
Vulnerability Reserved
Aug 12, 2008