Iphone Os Security Vulnerabilities and Issues — Iphone Os CVE List

Lucene search

AppleIphone Os

27 matches found

CVE•added 2015/04/10 2:59 p.m.•69 views

CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.7AI score0.00074EPSS

CVE•added 2014/09/18 10:55 a.m.•59 views

CVE-2014-4371

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/09/18 10:55 a.m.•58 views

CVE-2014-4420

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/09/18 10:55 a.m.•54 views

CVE-2014-4421

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/09/18 10:55 a.m.•52 views

CVE-2014-4384

Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.

1.9CVSS5.6AI score0.00043EPSS

CVE•added 2011/11/11 6:55 p.m.•51 views

CVE-2011-3440

The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.

1.2CVSS5.6AI score0.00055EPSS

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2012-0645

Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.

1.2CVSS6AI score0.00092EPSS

CVE•added 2014/03/14 10:55 a.m.•51 views

CVE-2014-1281

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.

1.9CVSS5.4AI score0.00063EPSS

CVE•added 2014/09/18 10:55 a.m.•50 views

CVE-2014-4419

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2013/03/20 2:55 p.m.•48 views

CVE-2013-0979

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.

1.9CVSS5.7AI score0.00036EPSS

CVE•added 2015/04/10 2:59 p.m.•48 views

CVE-2015-1097

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.8AI score0.00074EPSS

CVE•added 2015/04/10 2:59 p.m.•47 views

CVE-2015-1094

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.8AI score0.00074EPSS

CVE•added 2008/11/25 11:30 p.m.•45 views

CVE-2008-4230

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a dup...

1.9CVSS5.5AI score0.00066EPSS

CVE•added 2014/09/18 10:55 a.m.•45 views

CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.

1.9CVSS6AI score0.00049EPSS

CVE•added 2015/04/10 2:59 p.m.•43 views

CVE-2015-1114

The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.

1.9CVSS5.6AI score0.00074EPSS

CVE•added 2012/09/20 9:55 p.m.•42 views

CVE-2012-3741

The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.

1.9CVSS5.6AI score0.00052EPSS

CVE•added 2012/09/20 9:55 p.m.•41 views

CVE-2012-3729

The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.

1.9CVSS4.5AI score0.00068EPSS

CVE•added 2015/04/10 2:59 p.m.•41 views

CVE-2015-1085

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

1.9CVSS5.6AI score0.00069EPSS

CVE•added 2015/04/10 2:59 p.m.•41 views

CVE-2015-1113

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.

1.9CVSS5.5AI score0.00069EPSS

CVE•added 2010/06/22 8:30 p.m.•40 views

CVE-2010-1775

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

1.9CVSS5.9AI score0.00051EPSS

CVE•added 2015/03/12 10:59 a.m.•40 views

CVE-2015-1064

Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.

1.9CVSS5.7AI score0.00068EPSS

CVE•added 2014/07/01 10:17 a.m.•39 views

CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

1.9CVSS5.7AI score0.00067EPSS

CVE•added 2014/10/22 10:55 a.m.•39 views

CVE-2014-4448

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

1.9CVSS5AI score0.00046EPSS

CVE•added 2013/09/19 10:28 a.m.•38 views

CVE-2013-5150

The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.

1.9CVSS7.6AI score0.00073EPSS

CVE•added 2014/10/22 10:55 a.m.•37 views

CVE-2014-4450

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

1.9CVSS5.7AI score0.00144EPSS

CVE•added 2015/04/10 2:59 p.m.•36 views

CVE-2015-1107

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

1.9CVSS5.6AI score0.00058EPSS

CVE•added 2012/09/20 9:55 p.m.•33 views

CVE-2012-3734

Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.

1.9CVSS5.6AI score0.00038EPSS