VYPR

iOS

by Apple Inc.

CVEs (3,199)

  • CVE-2012-3745Sep 20, 2012
    risk 0.00cvss epss 0.02

    Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.

  • CVE-2012-3744Sep 20, 2012
    risk 0.00cvss epss 0.02

    Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.

  • CVE-2012-3743Sep 20, 2012
    risk 0.00cvss epss 0.02

    The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.

  • CVE-2012-3741Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase…

  • CVE-2012-3740Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

  • CVE-2012-3739Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.

  • CVE-2012-3738Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain…

  • CVE-2012-3737Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.

  • CVE-2012-3736Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call.

  • CVE-2012-3735Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.

  • CVE-2012-3734Sep 20, 2012
    risk 0.00cvss epss 0.00

    Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.

  • CVE-2012-3733Sep 20, 2012
    risk 0.00cvss epss 0.01

    Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate…

  • CVE-2012-3732Sep 20, 2012
    risk 0.00cvss epss 0.01

    Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.

  • CVE-2012-3731Sep 20, 2012
    risk 0.00cvss epss 0.00

    Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

  • CVE-2012-3730Sep 20, 2012
    risk 0.00cvss epss 0.02

    Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender.

  • CVE-2012-3729Sep 20, 2012
    risk 0.00cvss epss 0.00

    The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.

  • CVE-2012-3728Sep 20, 2012
    risk 0.00cvss epss 0.00

    The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.

  • CVE-2012-3727Sep 20, 2012
    risk 0.00cvss epss 0.03

    Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

  • CVE-2012-3726Sep 20, 2012
    risk 0.00cvss epss 0.02

    Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.

  • CVE-2012-3725Sep 20, 2012
    risk 0.00cvss epss 0.01

    The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an…

Page 154 of 160