CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities

Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-2566 310 2013-03-15 2013-04-19
2.6
None Remote High Not required Partial None None
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
2 CVE-2013-1022 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.
3 CVE-2013-1021 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.
4 CVE-2013-1020 399 DoS Exec Code Mem. Corr. 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.
5 CVE-2013-1019 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
6 CVE-2013-1018 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
7 CVE-2013-1017 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
8 CVE-2013-1016 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.
9 CVE-2013-1015 119 DoS Exec Code Overflow Mem. Corr. 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file.
10 CVE-2013-1014 264 2013-05-20 2013-05-20
2.9
None Local Network Medium Not required Partial None None
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
11 CVE-2013-1011 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
12 CVE-2013-1010 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
13 CVE-2013-1008 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
14 CVE-2013-1007 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
15 CVE-2013-1006 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
16 CVE-2013-1005 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
17 CVE-2013-1004 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
18 CVE-2013-1003 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
19 CVE-2013-1002 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
20 CVE-2013-1001 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
21 CVE-2013-1000 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
22 CVE-2013-0999 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
23 CVE-2013-0998 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
24 CVE-2013-0997 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
25 CVE-2013-0996 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
26 CVE-2013-0995 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
27 CVE-2013-0994 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
28 CVE-2013-0993 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
29 CVE-2013-0992 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
30 CVE-2013-0991 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
31 CVE-2013-0989 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.
32 CVE-2013-0988 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.
33 CVE-2013-0987 399 DoS Exec Code Mem. Corr. 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.
34 CVE-2013-0986 119 DoS Exec Code Overflow 2013-05-24 2013-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.
35 CVE-2013-0981 +Priv 2013-03-20 2013-03-21
7.2
None Local Low Not required Complete Complete Complete
The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.
36 CVE-2013-0980 264 Bypass 2013-03-20 2013-03-21
2.1
None Local Low Not required None Partial None
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.
37 CVE-2013-0979 264 2013-03-20 2013-03-21
1.9
None Local Medium Not required None Partial None
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
38 CVE-2013-0978 200 Bypass +Info 2013-03-20 2013-03-21
2.1
None Local Low Not required Partial None None
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
39 CVE-2013-0977 Bypass 2013-03-20 2013-03-21
4.6
None Local Low Not required Partial Partial Partial
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.
40 CVE-2013-0976 DoS Exec Code Mem. Corr. 2013-03-15 2013-03-18
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.
41 CVE-2013-0974 Exec Code Bypass 2013-01-29 2013-02-05
5.1
None Remote High Not required Partial Partial Partial
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.
42 CVE-2013-0973 Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
43 CVE-2013-0971 399 DoS Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
44 CVE-2013-0970 Bypass 2013-03-15 2013-03-15
4.3
None Remote Medium Not required None Partial None
Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL.
45 CVE-2013-0969 264 Bypass 2013-03-15 2013-03-18
4.9
None Local Low Not required None Complete None
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.
46 CVE-2013-0968 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
47 CVE-2013-0967 Bypass 2013-03-15 2013-03-18
4.3
None Remote Medium Not required None Partial None
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.
48 CVE-2013-0966 Bypass 2013-03-15 2013-03-18
6.4
None Remote Low Not required Partial Partial None
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
49 CVE-2013-0964 20 Bypass 2013-01-29 2013-02-05
3.6
None Local Low Not required Partial Partial None
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.
50 CVE-2013-0963 20 Bypass 2013-01-29 2013-03-15
2.1
None Local Low Not required None Partial None
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.
Total number of vulnerabilities : 2015   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.