| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-3442 |
399 |
|
Exec Code |
2011-11-11 |
2012-02-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. |
|
2 |
CVE-2011-3441 |
200 |
|
+Info |
2011-11-11 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. |
|
3 |
CVE-2011-3440 |
264 |
|
|
2011-11-11 |
2011-11-15 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
|
4 |
CVE-2011-3439 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-11-11 |
2012-12-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. |
|
5 |
CVE-2011-3434 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
|
6 |
CVE-2011-3432 |
399 |
|
DoS |
2011-10-14 |
2011-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. |
|
7 |
CVE-2011-3431 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. |
|
8 |
CVE-2011-3430 |
|
|
|
2011-10-14 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. |
|
9 |
CVE-2011-3429 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. |
|
10 |
CVE-2011-3427 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. |
|
11 |
CVE-2011-3426 |
79 |
|
XSS |
2011-10-14 |
2012-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. |
|
12 |
CVE-2011-3261 |
94 |
|
DoS Exec Code |
2011-10-14 |
2012-01-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. |
|
13 |
CVE-2011-3260 |
94 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. |
|
14 |
CVE-2011-3259 |
399 |
|
DoS |
2011-10-14 |
2012-01-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. |
|
15 |
CVE-2011-3257 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. |
|
16 |
CVE-2011-3256 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. |
|
17 |
CVE-2011-3255 |
255 |
|
+Info |
2011-10-14 |
2012-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
|
18 |
CVE-2011-3254 |
79 |
|
XSS |
2011-10-14 |
2011-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. |
|
19 |
CVE-2011-3253 |
200 |
|
+Info |
2011-10-14 |
2011-10-14 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. |
|
20 |
CVE-2011-3246 |
200 |
|
+Info |
2011-10-14 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. |
|
21 |
CVE-2011-3245 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. |
|
22 |
CVE-2011-3243 |
79 |
|
XSS |
2011-10-14 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |
|
23 |
CVE-2011-1418 |
200 |
|
+Info |
2011-03-11 |
2011-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. |
|
24 |
CVE-2011-1417 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-11 |
2012-03-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. |
|
25 |
CVE-2011-1344 |
399 |
|
Exec Code |
2011-03-10 |
2012-03-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. |
|
26 |
CVE-2011-0228 |
20 |
|
|
2011-08-29 |
2011-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. |
|
27 |
CVE-2011-0227 |
264 |
|
+Priv |
2011-07-19 |
2011-07-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. |
|
28 |
CVE-2011-0226 |
189 |
|
DoS Exec Code Mem. Corr. |
2011-07-19 |
2011-10-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. |
|
29 |
CVE-2011-0195 |
200 |
|
+Info |
2011-04-15 |
2011-07-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. |
|
30 |
CVE-2011-0163 |
20 |
|
DoS |
2011-03-11 |
2011-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. |
|
31 |
CVE-2011-0162 |
20 |
|
DoS |
2011-03-11 |
2011-03-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network. |
|
32 |
CVE-2011-0161 |
264 |
|
Bypass |
2011-03-11 |
2011-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. |
|
33 |
CVE-2011-0160 |
20 |
|
|
2011-03-11 |
2011-03-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. |
|
34 |
CVE-2011-0159 |
20 |
|
|
2011-03-11 |
2011-03-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. |
|
35 |
CVE-2011-0158 |
20 |
|
DoS |
2011-03-11 |
2011-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. |
|
36 |
CVE-2011-0157 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-11 |
2011-03-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. |
|
37 |
CVE-2011-0154 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-03-03 |
2012-03-30 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. |
