An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers.
An integer underflow existed with the handling of HFS catalog files.
A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges.
An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.
A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen.
An attacker with physical access to a locked phone could get access to frontmost email message.
A design issue existed in Siri’s lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.
A format string vulnerability existed in the handling of racoon configuration files.
A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.
A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.
Multiple cross-origin issues existed in WebKit.
Multiple memory corruption issues existed in WebKit.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.