Vulnerabilidad en WebKit en iPod touch (CVE-2008-3632)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-399
Error en la gestión de recursos
Fecha de publicación:
11/09/2008
Última modificación:
09/04/2025
Descripción
Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una página web con sentencias de importación de Hojas de Estilo en Cascada (CSS).
Impacto
Puntuación base 2.0
9.30
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:h:apple:iphone:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://secunia.com/advisories/31823
- http://secunia.com/advisories/31900
- http://secunia.com/advisories/32099
- http://secunia.com/advisories/32860
- http://secunia.com/advisories/35379
- http://support.apple.com/kb/HT3026
- http://support.apple.com/kb/HT3129
- http://support.apple.com/kb/HT3613
- http://www.securityfocus.com/bid/31092
- http://www.securitytracker.com/id?1020847=
- http://www.ubuntu.com/usn/USN-676-1
- http://www.vupen.com/english/advisories/2008/2525
- http://www.vupen.com/english/advisories/2008/2558
- http://www.vupen.com/english/advisories/2009/1522
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://secunia.com/advisories/31823
- http://secunia.com/advisories/31900
- http://secunia.com/advisories/32099
- http://secunia.com/advisories/32860
- http://secunia.com/advisories/35379
- http://support.apple.com/kb/HT3026
- http://support.apple.com/kb/HT3129
- http://support.apple.com/kb/HT3613
- http://www.securityfocus.com/bid/31092
- http://www.securitytracker.com/id?1020847=
- http://www.ubuntu.com/usn/USN-676-1
- http://www.vupen.com/english/advisories/2008/2525
- http://www.vupen.com/english/advisories/2008/2558
- http://www.vupen.com/english/advisories/2009/1522