iOS

CVEs (1,670)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2012-0633	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2012-0632	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-0227	Apple Inc. Iphone Os	—	0.00	Jul 19, 2011	The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
CVE-2011-0163	Apple Inc. Safari	—	0.01	Mar 11, 2011	WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.
CVE-2011-0162	Apple Inc. Iphone Os	—	0.02	Mar 11, 2011	Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.
CVE-2011-0161	Apple Inc. Safari	—	0.00	Mar 11, 2011	WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
CVE-2011-0160	Apple Inc. Safari	—	0.00	Mar 11, 2011	WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
CVE-2011-0157	Apple Inc. Webkit	—	0.02	Mar 11, 2011	WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.
CVE-2011-1417	Apple Inc. Mac Os X	—	0.06	Mar 11, 2011	Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft…
CVE-2011-1344	Apple Inc. Safari	—	0.05	Mar 10, 2011	Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then…
CVE-2010-4012	Apple Inc. Iphone Os	—	0.00	Dec 8, 2010	Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
CVE-2010-3832	Apple Inc. Iphone Os	—	0.04	Nov 26, 2010	Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
CVE-2010-3828	Apple Inc. Iphone Os	—	0.01	Nov 26, 2010	iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
CVE-2010-3827	Apple Inc. Iphone Os	—	0.01	Nov 26, 2010	Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
CVE-2010-1817	Apple Inc. Iphone Os	—	0.01	Sep 9, 2010	Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
CVE-2010-1815	Canonical Ubuntu Linux	—	0.06	Sep 9, 2010	Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
CVE-2010-1814	Canonical Ubuntu Linux	—	0.05	Sep 9, 2010	WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
CVE-2010-1812	Canonical Ubuntu Linux	—	0.06	Sep 9, 2010	Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
CVE-2010-1811	Apple Inc. Iphone Os	—	0.04	Sep 9, 2010	ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
CVE-2010-1810	Apple Inc. Iphone Os	—	0.00	Sep 9, 2010	FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

CVE-2012-0633Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2012-0632Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-0227Jul 19, 2011
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
CVE-2011-0163Mar 11, 2011
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.
CVE-2011-0162Mar 11, 2011
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.02
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.
CVE-2011-0161Mar 11, 2011
Apple Inc.
Safari
risk 0.00cvss —epss 0.00
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
CVE-2011-0160Mar 11, 2011
Apple Inc.
Safari
risk 0.00cvss —epss 0.00
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
CVE-2011-0157Mar 11, 2011
Apple Inc.
Webkit
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.
CVE-2011-1417Mar 11, 2011
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.06
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft…
CVE-2011-1344Mar 10, 2011
Apple Inc.
Safari
risk 0.00cvss —epss 0.05
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then…
CVE-2010-4012Dec 8, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
CVE-2010-3832Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
CVE-2010-3828Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
CVE-2010-3827Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
CVE-2010-1817Sep 9, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
CVE-2010-1815Sep 9, 2010
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.06
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
CVE-2010-1814Sep 9, 2010
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.05
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
CVE-2010-1812Sep 9, 2010
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.06
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
CVE-2010-1811Sep 9, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.04
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
CVE-2010-1810Sep 9, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

Page 83 of 84