Apple iPhone / iPod touch Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Apple iPhone and iPod touch, which could be exploited by remote attackers to disclose sensitive information, spoof certain data, cause a denial of service or compromise a vulnerable device.

1. An error in CFNetwork when processing 502 Bad Gateway error data returned by a malicious HTTPS proxy server, which could allow a secure website to be spoofed.

2. An undetected failure condition in Kernel when handling packets with an IPComp header.

3. An error in Safari when rendering Unicode ideographic spaces while displaying the current URL in the address bar, which could be exploited to spoof arbitrary domains.

4. An error in Safari when accessing a website that uses a self-signed or invalid certificate, which may lead to the disclosure of sensitive information.

5. A signedness error in Safari's handling of JavaScript array indices, which may lead to an unexpected application termination or arbitrary code execution.

6. An input validation error in Safari when handling specially crafted HTML tags containing byte order mark sequences, which may lead to cross-site scripting.

7. A memory corruption error in WebKit's handling of JavaScript arrays, which could be exploited to crash Safari or execute arbitrary code.

8. A memory corruption error in WebCore's handling of style sheet elements, which could be exploited to crash Safari or execute arbitrary code.

9. A memory consumption error in the handling of XML documents containing invalid UTF-8 sequences, which may lead to a denial of service.

10. A memory corruption error in the libxslt library when handling malformed HTML data, which could be exploited to crash Safari or execute arbitrary code.

11. A memory corruption error in JavaScriptCore's handling of runtime garbage collection, which could be exploited to crash a vulnerable application or execute arbitrary code.

12. An input validation error in WebKit when handling URLs containing a colon character in the host name, which could be exploited to conduct cross site scripting attacks.

13. A heap buffer overflow in WebKit's handling of JavaScript regular expressions, which may lead to an unexpected application termination or arbitrary code execution.