CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1360 20 Bypass 2014-07-01 2014-07-01
2.1
None Local Low Not required None Partial None
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
2 CVE-2014-1348 310 +Info 2014-07-01 2014-07-01
2.1
None Local Low Not required Partial None None
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition.
3 CVE-2014-1274 200 +Info 2014-03-14 2014-03-14
2.1
None Local Low Not required Partial None None
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
4 CVE-2013-5162 264 Bypass 2013-10-23 2013-10-24
2.1
None Local Low Not required Partial None None
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
5 CVE-2013-5158 264 +Info 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
6 CVE-2013-5153 264 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
7 CVE-2013-5137 264 2013-09-19 2013-10-22
2.6
None Remote High Not required None None Partial
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
8 CVE-2013-0980 264 Bypass 2013-03-20 2013-03-21
2.1
None Local Low Not required None Partial None
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.
9 CVE-2013-0978 200 Bypass +Info 2013-03-20 2013-03-21
2.1
None Local Low Not required Partial None None
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
10 CVE-2013-0963 20 Bypass 2013-01-29 2013-03-15
2.1
None Local Low Not required None Partial None
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
11 CVE-2013-0962 79 XSS 2013-01-29 2013-03-15
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
12 CVE-2012-3740 264 Bypass 2012-09-20 2012-09-21
2.1
None Local Low Not required None Partial None
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
13 CVE-2012-3739 264 Bypass 2012-09-20 2012-09-21
2.1
None Local Low Not required None Partial None
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.
14 CVE-2012-3737 264 2012-09-20 2013-03-25
2.1
None Local Low Not required Partial None None
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.
15 CVE-2012-3735 200 +Info 2012-09-20 2013-03-25
2.1
None Local Low Not required Partial None None
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.
16 CVE-2012-3731 Bypass 2012-09-20 2013-03-25
2.1
None Local Low Not required Partial None None
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
17 CVE-2011-3431 200 +Info 2011-10-14 2011-10-20
2.1
None Local Low Not required Partial None None
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
18 CVE-2011-3429 255 +Info 2011-10-14 2011-10-20
2.1
None Local Low Not required Partial None None
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
19 CVE-2011-3427 200 +Info 2011-10-14 2013-10-30
2.6
None Remote High Not required Partial None None
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
20 CVE-2011-3257 264 Bypass 2011-10-14 2012-01-13
2.1
None Local Low Not required Partial None None
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
21 CVE-2011-3253 200 +Info 2011-10-14 2011-10-14
2.6
None Remote High Not required Partial None None
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
22 CVE-2011-3245 255 +Info 2011-10-14 2011-10-20
2.1
None Local Low Not required Partial None None
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
23 CVE-2009-2796 200 +Info 2009-09-10 2012-10-22
2.1
None Local Low Not required Partial None None
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
24 CVE-2009-2207 264 +Info 2009-09-10 2012-10-22
2.1
None Local Low Not required Partial None None
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
25 CVE-2009-1680 200 +Info 2009-06-19 2012-03-30
2.1
None Local Low Not required Partial None None
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
26 CVE-2009-1679 264 Bypass 2009-06-19 2012-03-30
2.1
None Local Low Not required None Partial None
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
27 CVE-2008-4233 2008-11-25 2008-12-03
2.6
None Remote High Not required None None Partial
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.