VYPR

iOS

by Apple Inc.

CVEs (2,979)

  • CVE-2014-4389Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.

  • CVE-2014-4386Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.

  • CVE-2014-4384Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.

  • CVE-2014-4383Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

  • CVE-2014-4381Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.

  • CVE-2014-4380Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.02

    The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.

  • CVE-2014-4379Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.02

    An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

  • CVE-2014-4378Sep 18, 2014
    Apple Inc.
    Coregraphics
    risk 0.00cvss epss 0.02

    CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

  • CVE-2014-4374Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2014-4372Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.

  • CVE-2014-4371Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…

  • CVE-2014-4369Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

  • CVE-2014-4368Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.

  • CVE-2014-4367Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.

  • CVE-2014-4366Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.

  • CVE-2014-4362Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.

  • CVE-2014-4361Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.

  • CVE-2014-4357Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.

  • CVE-2014-4356Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

  • CVE-2014-4354Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.00

    Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

Page 136 of 149