Apple Security Vulnerabilities
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
7.5AI Score
0.004EPSS
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
5.1AI Score
0.001EPSS
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
6AI Score
0.005EPSS
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.
9.1AI Score
0.028EPSS
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.
7.2AI Score
0.07EPSS
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.
7.4AI Score
0.052EPSS
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
7.3AI Score
0.72EPSS
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
9.3AI Score
0.133EPSS
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
6.9AI Score
0.084EPSS
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
5.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
5.1AI Score
0.001EPSS
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
5.1AI Score
0.003EPSS
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
7.1AI Score
0.058EPSS
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
5.5AI Score
0.0004EPSS
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
6.1AI Score
0.032EPSS
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
7.8AI Score
0.01EPSS
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
7.6AI Score
0.01EPSS
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
7.5CVSS
7.2AI Score
0.061EPSS
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by ...
5.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
5AI Score
0.004EPSS
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
5.1AI Score
0.002EPSS
Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code.
9.8CVSS
9.9AI Score
0.021EPSS
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
5.1AI Score
0.001EPSS
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
5.8AI Score
0.002EPSS
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
5.1AI Score
0.001EPSS
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
5.9AI Score
0.008EPSS
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
5.1AI Score
0.003EPSS
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.
7.4AI Score
0.0004EPSS
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
7.9AI Score
0.006EPSS
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
8.3AI Score
0.028EPSS
WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.
8.8CVSS
8.8AI Score
0.009EPSS
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
7.4AI Score
0.01EPSS
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
5.6AI Score
0.001EPSS
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
5.2AI Score
0.004EPSS
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
6.5AI Score
0.0004EPSS
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rul...
8.8AI Score
0.02EPSS
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
5.8AI Score
0.002EPSS
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
7.7AI Score
0.009EPSS
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
5.5AI Score
0.003EPSS
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
7AI Score
0.008EPSS
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
6.8AI Score
0.005EPSS
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
6.9AI Score
0.005EPSS
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
5.7AI Score
0.003EPSS
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
7.2AI Score
0.059EPSS
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
7AI Score
0.026EPSS
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
6.7AI Score
0.016EPSS
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
6.8AI Score
0.033EPSS
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
6.8AI Score
0.066EPSS
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803.
6.1AI Score
0.004EPSS
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory.
5.9AI Score
0.0004EPSS