Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
Max CVSS: 2.6; EPSS Score: 1.99%; Published: 2008-11-25; Updated: 2022-08-09
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
Max CVSS: 2.1; EPSS Score: 0.06%; Published: 2009-06-19; Updated: 2022-08-09
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
Max CVSS: 2.1; EPSS Score: 0.06%; Published: 2009-06-19; Updated: 2022-08-09
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2009-09-10; Updated: 2017-08-17
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
Max CVSS: 2.1; EPSS Score: 0.06%; Published: 2009-09-10; Updated: 2017-08-17
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
Max CVSS: 2.1; EPSS Score: 0.12%; Published: 2011-10-14; Updated: 2017-08-29
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
Max CVSS: 2.6; EPSS Score: 0.09%; Published: 2011-10-14; Updated: 2011-10-14
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2011-10-14; Updated: 2017-08-29
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
Max CVSS: 2.6; EPSS Score: 0.18%; Published: 2011-10-14; Updated: 2017-08-29
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
Max CVSS: 2.1; EPSS Score: 0.12%; Published: 2011-10-14; Updated: 2017-08-29
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
Max CVSS: 2.1; EPSS Score: 0.12%; Published: 2011-10-14; Updated: 2017-08-29
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
Max CVSS: 2.1; EPSS Score: 0.05%; Published: 2012-09-20; Updated: 2013-03-26
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.
Max CVSS: 2.1; EPSS Score: 0.06%; Published: 2012-09-20; Updated: 2017-08-29
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.
Max CVSS: 2.1; EPSS Score: 0.05%; Published: 2012-09-20; Updated: 2013-03-26
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2012-09-20; Updated: 2012-09-21
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2012-09-20; Updated: 2012-09-21
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
Max CVSS: 2.6; EPSS Score: 0.19%; Published: 2013-01-29; Updated: 2013-03-16
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
Max CVSS: 2.1; EPSS Score: 0.09%; Published: 2013-01-29; Updated: 2013-03-16
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2013-03-20; Updated: 2019-09-26
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.
Max CVSS: 2.1; EPSS Score: 0.05%; Published: 2013-03-20; Updated: 2019-09-26
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
Max CVSS: 2.6; EPSS Score: 0.14%; Published: 2013-09-19; Updated: 2013-10-22
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
Max CVSS: 2.1; EPSS Score: 0.12%; Published: 2013-09-19; Updated: 2013-10-22
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
Max CVSS: 2.1; EPSS Score: 0.05%; Published: 2013-09-19; Updated: 2013-10-22
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
Max CVSS: 2.1; EPSS Score: 0.06%; Published: 2013-10-24; Updated: 2013-10-24
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2014-03-14; Updated: 2014-03-14
105 vulnerabilities found