| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-2566 |
310 |
|
|
2013-03-15 |
2013-04-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. |
|
2 |
CVE-2013-0980 |
264 |
|
Bypass |
2013-03-20 |
2013-03-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. |
|
3 |
CVE-2013-0978 |
200 |
|
Bypass +Info |
2013-03-20 |
2013-03-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. |
|
4 |
CVE-2013-0963 |
20 |
|
Bypass |
2013-01-29 |
2013-03-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID. |
|
5 |
CVE-2013-0962 |
79 |
|
XSS |
2013-01-29 |
2013-03-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. |
|
6 |
CVE-2012-3740 |
264 |
|
Bypass |
2012-09-20 |
2012-09-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
|
7 |
CVE-2012-3739 |
264 |
|
Bypass |
2012-09-20 |
2012-09-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. |
|
8 |
CVE-2012-3737 |
264 |
|
|
2012-09-20 |
2013-03-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. |
|
9 |
CVE-2012-3735 |
200 |
|
+Info |
2012-09-20 |
2013-03-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. |
|
10 |
CVE-2012-3731 |
|
|
Bypass |
2012-09-20 |
2013-03-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
|
11 |
CVE-2012-3718 |
200 |
|
+Info |
2012-09-20 |
2013-03-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. |
|
12 |
CVE-2012-0657 |
264 |
|
Bypass |
2012-05-10 |
2012-05-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. |
|
13 |
CVE-2011-3435 |
255 |
|
|
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. |
|
14 |
CVE-2011-3431 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. |
|
15 |
CVE-2011-3429 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. |
|
16 |
CVE-2011-3427 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. |
|
17 |
CVE-2011-3257 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. |
|
18 |
CVE-2011-3253 |
200 |
|
+Info |
2011-10-14 |
2011-10-14 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. |
|
19 |
CVE-2011-3245 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. |
|
20 |
CVE-2011-3224 |
|
|
Exec Code |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. |
|
21 |
CVE-2011-3218 |
79 |
|
XSS |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. |
|
22 |
CVE-2011-3216 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. |
|
23 |
CVE-2011-3215 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. |
|
24 |
CVE-2011-3212 |
310 |
|
+Info |
2011-10-14 |
2012-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. |
|
25 |
CVE-2011-0197 |
200 |
|
+Info |
2011-06-24 |
2011-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. |
|
26 |
CVE-2011-0180 |
189 |
|
Overflow |
2011-03-22 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. |
|
27 |
CVE-2011-0178 |
200 |
|
+Info |
2011-03-22 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. |
|
28 |
CVE-2011-0169 |
79 |
|
XSS Bypass |
2011-03-11 |
2011-03-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. |
|
29 |
CVE-2010-2431 |
59 |
|
|
2010-06-22 |
2013-05-14 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. |
|
30 |
CVE-2010-1796 |
200 |
|
+Info |
2010-07-30 |
2010-08-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. |
|
31 |
CVE-2010-0650 |
264 |
|
Bypass |
2010-02-18 |
2012-01-26 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. |
|
32 |
CVE-2010-0537 |
264 |
|
|
2010-03-30 |
2010-06-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. |
|
33 |
CVE-2010-0530 |
264 |
|
+Info |
2010-12-09 |
2011-01-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory. |
|
34 |
CVE-2010-0039 |
264 |
|
|
2010-12-21 |
2011-01-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server. |
|
35 |
CVE-2009-2796 |
200 |
|
+Info |
2009-09-10 |
2012-10-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. |
|
36 |
CVE-2009-2207 |
264 |
|
+Info |
2009-09-10 |
2012-10-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. |
|
37 |
CVE-2009-2201 |
310 |
|
|
2009-09-15 |
2009-09-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog. |
|
38 |
CVE-2009-1716 |
264 |
|
+Info |
2009-06-10 |
2009-06-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. |
|
39 |
CVE-2009-1710 |
|
|
|
2009-06-10 |
2011-02-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. |
|
40 |
CVE-2009-1680 |
200 |
|
+Info |
2009-06-19 |
2012-03-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history. |
|
41 |
CVE-2009-1679 |
264 |
|
Bypass |
2009-06-19 |
2012-03-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. |
|
42 |
CVE-2009-0141 |
264 |
|
|
2009-02-12 |
2009-02-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. |
|
43 |
CVE-2009-0014 |
264 |
|
Bypass |
2009-02-12 |
2009-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. |
|
44 |
CVE-2009-0013 |
255 |
|
+Priv |
2009-02-12 |
2009-02-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. |
|
45 |
CVE-2008-5914 |
|
|
|
2009-01-20 |
2009-01-23 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
|
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. |
|
46 |
CVE-2008-4233 |
|
|
|
2008-11-25 |
2008-12-03 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. |
|
47 |
CVE-2008-3634 |
200 |
|
+Info |
2008-09-10 |
2008-09-11 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. |
|
48 |
CVE-2008-3619 |
264 |
|
+Info |
2008-09-16 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. |
|
49 |
CVE-2008-1578 |
200 |
|
+Info |
2008-06-02 |
2011-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. |
|
50 |
CVE-2008-1033 |
264 |
|
+Info |
2008-06-02 |
2011-06-16 |
2.1 |
None |
Remote |
High |
Single system |
Partial |
None |
None |
|
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." |
