Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.

Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.