Apple iPhone / iPod touch Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Apple iPhone and iPod touch, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system.

1. A heap overflow error in CoreAudio when processing malformed AAC or MP3 files, which could be exploited to crash an affected application or execute arbitrary code.

2. Due to the "Require Passcode" setting within Exchange Support not being affected by the "Maximum inactivity time lock" setting, which could allow an attacker with physical access to a device to use it after the timeout period specified by an Exchange administrator.

3. Due to Spotlight finding and allowing access to deleted messages in Mail folders on the device, which could allow an attacker with access to the device to view the deleted messages.

4. A heap overflow error in Recovery Mode command parsing, which could allow an attacker with physical access to a vulnerable device to bypass the passcode, and gain access to user's data.

5. A null pointer dereference error in the handling of SMS arrival notifications, which could be exploited to terminate the telephony service.

6. An error in UIKit when a character in a password is deleted, and the deletion is undone, which could a person with physical access to the device to read a password, one character at a time.

7. Due to Safari including the username and password from the original URL in the referer header, which could lead to the disclosure of sensitive information.

Other vulnerabilities existed in the WebKit component. Please refer to: Apple Safari WebKit Memory Corruption and Cross Site Scripting Vulnerabilties