The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
Max CVSS
1.9
EPSS Score
0.16%
Published
2015-04-10
Updated
2019-03-08
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
Max CVSS
1.9
EPSS Score
0.12%
Published
2015-04-10
Updated
2017-01-03
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
Max CVSS
1.9
EPSS Score
0.11%
Published
2015-04-10
Updated
2017-01-03
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
Max CVSS
1.9
EPSS Score
0.16%
Published
2015-04-10
Updated
2019-03-08
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
Max CVSS
1.9
EPSS Score
0.19%
Published
2015-04-10
Updated
2019-03-08
IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
Max CVSS
1.9
EPSS Score
0.18%
Published
2015-04-10
Updated
2019-03-08
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
Max CVSS
1.9
EPSS Score
0.12%
Published
2015-04-10
Updated
2017-01-03
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
Max CVSS
1.9
EPSS Score
0.10%
Published
2015-03-12
Updated
2015-09-11
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
Max CVSS
1.9
EPSS Score
0.15%
Published
2014-10-22
Updated
2017-08-29
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
Max CVSS
1.9
EPSS Score
0.12%
Published
2014-10-22
Updated
2017-08-29
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
Max CVSS
1.9
EPSS Score
0.16%
Published
2014-09-18
Updated
2019-03-08
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
Max CVSS
1.9
EPSS Score
0.16%
Published
2014-09-18
Updated
2019-03-08
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
Max CVSS
1.9
EPSS Score
0.16%
Published
2014-09-18
Updated
2019-03-08
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
Max CVSS
1.9
EPSS Score
0.04%
Published
2014-09-18
Updated
2017-08-29
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
Max CVSS
1.9
EPSS Score
0.08%
Published
2014-09-18
Updated
2017-08-29
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
Max CVSS
1.9
EPSS Score
0.13%
Published
2014-09-18
Updated
2019-11-07
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
Max CVSS
1.9
EPSS Score
0.10%
Published
2014-07-01
Updated
2017-01-07
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.
Max CVSS
1.9
EPSS Score
0.07%
Published
2014-03-14
Updated
2014-03-14
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
Max CVSS
1.9
EPSS Score
0.14%
Published
2013-09-19
Updated
2014-10-24
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-03-20
Updated
2019-09-26
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2017-08-29
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2017-08-29
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.
Max CVSS
1.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2017-08-29
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.
Max CVSS
1.2
EPSS Score
0.10%
Published
2012-03-08
Updated
2018-11-29
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
Max CVSS
1.2
EPSS Score
0.06%
Published
2011-11-11
Updated
2011-11-15
27 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!