iOS

CVEs (1,844)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2011-1344	Apple Inc. Safari	—	0.05	Mar 10, 2011	Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then…
CVE-2010-4012	Apple Inc. Iphone Os	—	0.00	Dec 8, 2010	Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
CVE-2010-3832	Apple Inc. Iphone Os	—	0.04	Nov 26, 2010	Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
CVE-2010-3831	Apple Inc. Iphone Os	—	0.00	Nov 26, 2010	Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
CVE-2010-3829	Apple Inc. Iphone Os	—	0.01	Nov 26, 2010	WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a…
CVE-2010-3828	Apple Inc. Iphone Os	—	0.01	Nov 26, 2010	iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
CVE-2010-3827	Apple Inc. Iphone Os	—	0.01	Nov 26, 2010	Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
CVE-2010-1817	Apple Inc. Iphone Os	—	0.01	Sep 9, 2010	Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
CVE-2010-1815	Canonical Ubuntu Linux	—	0.06	Sep 9, 2010	Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
CVE-2010-1814	Canonical Ubuntu Linux	—	0.05	Sep 9, 2010	WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
CVE-2010-1812	Canonical Ubuntu Linux	—	0.06	Sep 9, 2010	Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
CVE-2010-1811	Apple Inc. Iphone Os	—	0.04	Sep 9, 2010	ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
CVE-2010-1810	Apple Inc. Iphone Os	—	0.00	Sep 9, 2010	FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
CVE-2010-1809	Apple Inc. Iphone Os	—	0.01	Sep 9, 2010	The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
CVE-2010-1775	Apple Inc. Iphone Os	—	0.00	Jun 22, 2010	Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
CVE-2010-1757	Apple Inc. Iphone Os	—	0.03	Jun 22, 2010	WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
CVE-2010-1756	Apple Inc. Iphone Os	—	0.00	Jun 22, 2010	The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
CVE-2010-1755	Apple Inc. Safari	—	0.00	Jun 22, 2010	Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
CVE-2010-1754	Apple Inc. Iphone Os	—	0.00	Jun 22, 2010	Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via…
CVE-2010-1753	Apple Inc. Iphone Os	—	0.02	Jun 22, 2010	ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.

CVE-2011-1344Mar 10, 2011
Apple Inc.
Safari
risk 0.00cvss —epss 0.05
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then…
CVE-2010-4012Dec 8, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.
CVE-2010-3832Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
CVE-2010-3831Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
CVE-2010-3829Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a…
CVE-2010-3828Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
CVE-2010-3827Nov 26, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
CVE-2010-1817Sep 9, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
CVE-2010-1815Sep 9, 2010
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.06
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
CVE-2010-1814Sep 9, 2010
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.05
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
CVE-2010-1812Sep 9, 2010
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.06
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
CVE-2010-1811Sep 9, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.04
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
CVE-2010-1810Sep 9, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
CVE-2010-1809Sep 9, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
CVE-2010-1775Jun 22, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
CVE-2010-1757Jun 22, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.03
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
CVE-2010-1756Jun 22, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
CVE-2010-1755Jun 22, 2010
Apple Inc.
Safari
risk 0.00cvss —epss 0.00
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
CVE-2010-1754Jun 22, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via…
CVE-2010-1753Jun 22, 2010
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.02
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.

Page 92 of 93