Iphone Os@7.0.1 Security Vulnerabilities and Issues — Page 2 of Iphone Os@7.0.1 CVE List

5CVSS5.6AI score0.00594EPSS

CVE-2014-4361

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.

5CVSS5AI score0.00594EPSS

CVE-2014-4362

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.

7.8CVSS5.8AI score0.01216EPSS

CVE-2014-4369

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

3.6CVSS5.8AI score0.00038EPSS

CVE-2014-4372

syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.

7.8CVSS5.1AI score0.00191EPSS

CVE-2014-4373

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

CVE•added 2014/03/14 10:55 a.m.•48 views

CVE-2014-1275

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

6.8CVSS7.9AI score0.01142EPSS

CVE•added 2014/07/01 10:17 a.m.•48 views

CVE-2014-1365

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

4.3CVSS5.2AI score0.00461EPSS

CVE-2014-4353

Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

5.8CVSS5.9AI score0.00301EPSS

CVE-2014-4354

Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

5CVSS5.4AI score0.00783EPSS

CVE-2014-4366

Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.

7.1CVSS6.3AI score0.01872EPSS

CVE-2014-4379

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

6.8CVSS7.8AI score0.01114EPSS

CVE-2014-4411

CVE•added 2014/03/14 10:55 a.m.•47 views

CVE-2014-1267

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.

5.8CVSS5.6AI score0.00222EPSS

CVE•added 2014/03/14 10:55 a.m.•47 views

CVE-2014-1272

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.

6.3CVSS5.7AI score0.00024EPSS

CVE•added 2014/03/14 10:55 a.m.•47 views

CVE-2014-1274

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.

2.1CVSS5.1AI score0.00063EPSS

CVE•added 2014/07/01 10:17 a.m.•47 views

CVE-2014-1325

CVE•added 2014/07/01 10:17 a.m.•47 views

CVE-2014-1349

Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.

6.8CVSS7.7AI score0.01539EPSS

CVE•added 2014/09/18 10:55 a.m.•47 views

CVE-2014-4368

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.

6.9CVSS5.5AI score0.00057EPSS

CVE•added 2014/07/01 10:17 a.m.•46 views

CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.

4.3CVSS5.7AI score0.00467EPSS

CVE•added 2014/07/01 10:17 a.m.•46 views

CVE-2014-1360

Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.

2.1CVSS5.5AI score0.00075EPSS

CVE•added 2014/07/01 10:17 a.m.•46 views

CVE-2014-1367

CVE•added 2014/07/01 10:17 a.m.•45 views

CVE-2014-1356

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.

10CVSS7.3AI score0.03252EPSS

CVE•added 2014/09/18 10:55 a.m.•45 views

CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.

1.9CVSS6AI score0.00049EPSS

CVE•added 2014/09/18 10:55 a.m.•45 views

CVE-2014-4423

The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.

4.3CVSS5.7AI score0.00594EPSS

CVE•added 2014/07/01 10:17 a.m.•44 views

CVE-2014-1368

CVE•added 2013/11/18 2:55 a.m.•43 views

CVE-2013-5193

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

4.7CVSS6AI score0.00048EPSS

CVE•added 2014/03/14 10:55 a.m.•43 views

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

5.8CVSS5.7AI score0.00222EPSS

CVE•added 2014/03/14 10:55 a.m.•43 views

CVE-2014-1276

IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.

5CVSS5.7AI score0.00263EPSS

CVE•added 2014/09/18 10:55 a.m.•43 views

CVE-2014-4352

Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

2.1CVSS5AI score0.00042EPSS

CVE•added 2014/09/18 10:55 a.m.•43 views

CVE-2014-4367

Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.

2.1CVSS5.8AI score0.00075EPSS

CVE•added 2014/03/14 10:55 a.m.•42 views

CVE-2014-1285

Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.

5.8CVSS5.7AI score0.00255EPSS

CVE•added 2014/07/01 10:17 a.m.•42 views

CVE-2014-1351

Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.

3.6CVSS5.7AI score0.00067EPSS

CVE•added 2014/09/18 10:55 a.m.•42 views

CVE-2014-4409

WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.

4.3CVSS5.5AI score0.00958EPSS

CVE•added 2013/10/24 3:48 a.m.•41 views

CVE-2013-5164

Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.

3.3CVSS6.1AI score0.00047EPSS

CVE•added 2014/03/14 10:55 a.m.•41 views

CVE-2014-1278

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.

7.2CVSS5.9AI score0.00038EPSS

CVE•added 2013/10/24 3:48 a.m.•40 views

CVE-2013-5162

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.

2.1CVSS5.9AI score0.00057EPSS

CVE•added 2014/07/01 10:17 a.m.•40 views

CVE-2014-1354

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data.

6.8CVSS7.7AI score0.01314EPSS

CVE•added 2014/03/14 10:55 a.m.•39 views

CVE-2013-5133

Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.

8.8CVSS5.8AI score0.00559EPSS

CVE•added 2013/10/24 3:48 a.m.•39 views

CVE-2013-5144

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer derefe...

3.3CVSS6.1AI score0.00055EPSS

CVE•added 2014/07/01 10:17 a.m.•39 views

CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

1.9CVSS5.7AI score0.00067EPSS

CVE•added 2014/07/01 10:17 a.m.•38 views

CVE-2014-1382