iOS

CVEs (1,670)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2014-4457	Apple Inc. Iphone Os	—	0.01	Nov 18, 2014	The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.
CVE-2014-4455	Apple Inc. Iphone Os	—	0.00	Nov 18, 2014	dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
CVE-2014-4453	Apple Inc. Mac Os X	—	0.01	Nov 18, 2014	Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4452	Apple Inc. Safari	—	0.01	Nov 18, 2014	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4451	Apple Inc. Iphone Os	—	0.00	Nov 18, 2014	Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
CVE-2014-4450	Apple Inc. Iphone Os	—	0.00	Oct 22, 2014	The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
CVE-2014-4449	Apple Inc. Iphone Os	—	0.00	Oct 22, 2014	iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-4448	Apple Inc. Iphone Os	—	0.00	Oct 22, 2014	House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
CVE-2014-4423	Apple Inc. Iphone Os	—	0.01	Sep 18, 2014	The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
CVE-2014-4421	Apple Inc. Mac Os X	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420	Apple Inc. Mac Os X	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419	Apple Inc. Mac Os X	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415	Apple Inc. Safari	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4412	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4411	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4410	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4409	Apple Inc. Iphone Os	—	0.01	Sep 18, 2014	WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
CVE-2014-4408	Apple Inc. Mac Os X	—	0.00	Sep 18, 2014	The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

CVE-2014-4457Nov 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.
CVE-2014-4455Nov 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
CVE-2014-4453Nov 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4452Nov 18, 2014
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4451Nov 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
CVE-2014-4450Oct 22, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
CVE-2014-4449Oct 22, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-4448Oct 22, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
CVE-2014-4423Sep 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
CVE-2014-4421Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415Sep 18, 2014
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4412Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4411Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4410Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4409Sep 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
CVE-2014-4408Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

Page 78 of 84