Iphone Os Security Vulnerabilities and Issues — Page 3 of Iphone Os CVE List

CVE-2011-2870

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

CVE-2011-2873

4.3CVSS4.9AI score0.00588EPSS

CVE-2012-0590

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.

CVE-2012-0609

CVE-2012-0617

CVE-2012-0618

CVE-2012-0621

CVE-2012-0631

CVE-2012-0635

5CVSS5.2AI score0.00556EPSS

CVE-2012-0641

CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

CVE•added 2012/09/13 10:30 a.m.•44 views

CVE-2012-3701

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/09/20 9:55 p.m.•44 views

CVE-2012-3737

The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.

2.1CVSS5.5AI score0.00068EPSS

CVE•added 2012/09/20 9:55 p.m.•44 views

CVE-2012-3743

The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.

5CVSS5AI score0.00421EPSS

CVE•added 2012/11/03 5:55 p.m.•44 views

CVE-2012-3749

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.6AI score0.00498EPSS

CVE•added 2012/11/03 5:55 p.m.•44 views

CVE-2012-3750

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

3.6CVSS5.6AI score0.00073EPSS

CVE-2012-0603

6.8CVSS7.8AI score0.01764EPSS

CVE-2012-0608

CVE-2012-0611

CVE-2012-0612

CVE-2012-0624

CVE-2012-0625

CVE-2012-0629

CVE•added 2012/09/20 9:55 p.m.•43 views

CVE-2012-3725

The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi netw...

3.3CVSS5.3AI score0.00144EPSS

CVE•added 2012/09/20 9:55 p.m.•43 views

CVE-2012-3732

Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.

6.4CVSS5.8AI score0.00585EPSS

CVE•added 2012/03/08 10:55 p.m.•42 views

CVE-2012-0595

CVE•added 2012/03/08 10:55 p.m.•42 views

CVE-2012-0616

CVE•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3727

Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

6.8CVSS7.4AI score0.01877EPSS

CVE•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3741

The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.

1.9CVSS5.6AI score0.00052EPSS

CVE-2011-2872

CVE-2012-0597

CVE-2012-0599

CVE-2012-0627

CVE•added 2012/09/20 9:55 p.m.•41 views

CVE-2012-3726

Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.

6.8CVSS7.5AI score0.01314EPSS

CVE•added 2012/09/20 9:55 p.m.•41 views

CVE-2012-3729

The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.

1.9CVSS4.5AI score0.00068EPSS

CVE•added 2012/09/20 9:55 p.m.•41 views

CVE-2012-3739

The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.

2.1CVSS5.6AI score0.00053EPSS

CVE•added 2012/03/08 10:55 p.m.•40 views

CVE-2011-2871

CVE•added 2012/03/08 10:55 p.m.•40 views

CVE-2012-0606

CVE•added 2012/03/08 10:55 p.m.•40 views

CVE-2012-0630

CVE•added 2012/09/13 10:30 a.m.•40 views

CVE-2012-3607

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/09/20 9:55 p.m.•40 views

CVE-2012-3733

Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in ...

4.3CVSS5.2AI score0.00346EPSS

CVE•added 2012/03/08 10:55 p.m.•39 views

CVE-2012-0607

6.9CVSS5.5AI score0.00048EPSS

CVE-2012-3728

The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.

2.1CVSS5.5AI score0.00068EPSS

CVE-2012-3731

Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

3.6CVSS5.3AI score0.00066EPSS

CVE-2012-3738

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact informatio...

2.1CVSS5.5AI score0.00053EPSS

CVE-2012-3740

The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

5CVSS6.1AI score0.00583EPSS

CVE-2012-3745

Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.

4.3CVSS5.4AI score0.00335EPSS

CVE-2012-3746

UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.

CVE•added 2012/03/08 10:55 p.m.•38 views

CVE-2011-2869

CVE•added 2012/03/08 10:55 p.m.•38 views

CVE-2012-0614