| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-0981 | | | +Priv | 2013-03-20 | 2013-03-21 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. |
| 2 | CVE-2013-0980 | 264 | | Bypass | 2013-03-20 | 2013-03-21 | 2.1 | None | Local | Low | Not required | None | Partial | None | The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. |
| 3 | CVE-2013-0979 | 264 | | | 2013-03-20 | 2013-03-21 | 1.9 | None | Local | Medium | Not required | None | Partial | None | lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. |
| 4 | CVE-2013-0978 | 200 | | Bypass +Info | 2013-03-20 | 2013-03-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. |
| 5 | CVE-2013-0977 | | | Bypass | 2013-03-20 | 2013-03-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. |
| 6 | CVE-2013-0956 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-01-29 | 2013-03-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. |
| 7 | CVE-2012-3750 | 264 | | Bypass | 2012-11-03 | 2013-03-01 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. |
| 8 | CVE-2012-3749 | 200 | | Bypass +Info | 2012-11-03 | 2013-03-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. |
| 9 | CVE-2012-3748 | 362 | | DoS Exec Code | 2012-11-03 | 2013-03-01 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. |
| 10 | CVE-2012-3747 | 399 | | DoS Exec Code Mem. Corr. | 2012-09-20 | 2013-03-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
| 11 | CVE-2012-3746 | 310 | | | 2012-09-20 | 2013-03-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | UIWebView in UIKit in Apple iOS before 6 does not properly use the Data protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. |
| 12 | CVE-2012-3745 | 119 | | DoS Overflow | 2012-09-20 | 2013-03-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. |
| 13 | CVE-2012-3744 | | | | 2012-09-20 | 2013-03-25 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address. |
| 14 | CVE-2012-3743 | 264 | | +Info | 2012-09-20 | 2013-03-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. |
| 15 | CVE-2012-3742 | 264 | | | 2012-09-20 | 2013-03-25 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page. |
| 16 | CVE-2012-3741 | 287 | | Bypass | 2012-09-20 | 2013-03-25 | 1.9 | None | Local | Medium | Not required | None | Partial | None | The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. |
| 17 | CVE-2012-3740 | 264 | | Bypass | 2012-09-20 | 2012-09-21 | 2.1 | None | Local | Low | Not required | None | Partial | None | The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
| 18 | CVE-2012-3739 | 264 | | Bypass | 2012-09-20 | 2012-09-21 | 2.1 | None | Local | Low | Not required | None | Partial | None | The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. |
| 19 | CVE-2012-3738 | 264 | | Bypass +Info | 2012-09-20 | 2013-03-25 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. |
| 20 | CVE-2012-3737 | 264 | | | 2012-09-20 | 2013-03-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. |
| 21 | CVE-2012-3736 | 264 | | Bypass | 2012-09-20 | 2012-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. |
| 22 | CVE-2012-3735 | 200 | | +Info | 2012-09-20 | 2013-03-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. |
| 23 | CVE-2012-3734 | 310 | | Bypass | 2012-09-20 | 2013-03-25 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. |
| 24 | CVE-2012-3733 | 200 | | +Info | 2012-09-20 | 2013-03-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. |
| 25 | CVE-2012-3732 | 310 | | | 2012-09-20 | 2013-03-25 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. |
| 26 | CVE-2012-3731 | | | Bypass | 2012-09-20 | 2013-03-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
| 27 | CVE-2012-3730 | | | | 2012-09-20 | 2013-03-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender. |
| 28 | CVE-2012-3729 | 264 | | +Info | 2012-09-20 | 2013-03-25 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. |
| 29 | CVE-2012-3728 | 264 | | +Priv | 2012-09-20 | 2013-03-22 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. |
| 30 | CVE-2012-3727 | 119 | | Exec Code Overflow | 2012-09-20 | 2013-03-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. |
| 31 | CVE-2012-3726 | 399 | | DoS Exec Code | 2012-09-20 | 2013-03-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. |
| 32 | CVE-2012-3725 | 200 | | +Info | 2012-09-20 | 2013-03-22 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets. |
| 33 | CVE-2012-3724 | 200 | | +Info | 2012-09-20 | 2013-03-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. |
| 34 | CVE-2012-3722 | 399 | | DoS Exec Code | 2012-09-20 | 2013-03-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
| 35 | CVE-2011-3441 | 200 | | +Info | 2011-11-11 | 2012-02-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. |
| 36 | CVE-2011-3440 | 264 | | | 2011-11-11 | 2011-11-15 | 1.2 | None | Local | High | Not required | Partial | None | None | The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
| 37 | CVE-2011-3439 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-11-11 | 2012-12-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. |
| 38 | CVE-2011-1418 | 200 | | +Info | 2011-03-11 | 2011-11-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. |
| 39 | CVE-2011-1417 | 189 | | DoS Exec Code Overflow Mem. Corr. | 2011-03-11 | 2012-03-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. |
| 40 | CVE-2011-1344 | 399 | | Exec Code | 2011-03-10 | 2012-03-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. |
| 41 | CVE-2011-0228 | 20 | | | 2011-08-29 | 2011-09-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. |
| 42 | CVE-2011-0227 | 264 | | +Priv | 2011-07-19 | 2011-07-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. |
| 43 | CVE-2011-0226 | 189 | | DoS Exec Code Mem. Corr. | 2011-07-19 | 2011-10-25 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. |
| 44 | CVE-2011-0163 | 20 | | DoS | 2011-03-11 | 2011-03-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. |
| 45 | CVE-2011-0162 | 20 | | DoS | 2011-03-11 | 2011-03-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network. |
| 46 | CVE-2011-0161 | 264 | | Bypass | 2011-03-11 | 2011-03-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. |
| 47 | CVE-2011-0160 | 20 | | | 2011-03-11 | 2011-03-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. |
| 48 | CVE-2011-0158 | 20 | | DoS | 2011-03-11 | 2011-03-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. |
| 49 | CVE-2011-0157 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-03-11 | 2011-03-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. |
| 50 | CVE-2010-3832 | 119 | | Exec Code Overflow | 2010-11-26 | 2010-12-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. |