Apple : Security Vulnerabilities, CVEs, Published In 2012 (Information Leak)
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
Max CVSS
5.0
EPSS Score
0.55%
Published
2012-11-03
Updated
2013-08-17
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.
Max CVSS
2.1
EPSS Score
0.06%
Published
2012-09-20
Updated
2017-08-29
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply.
Max CVSS
4.3
EPSS Score
0.34%
Published
2012-09-20
Updated
2017-08-29
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets.
Max CVSS
3.3
EPSS Score
0.25%
Published
2012-09-20
Updated
2017-08-29
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL.
Max CVSS
5.0
EPSS Score
0.36%
Published
2012-09-20
Updated
2017-08-29
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-09-20
Updated
2013-06-06
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
Max CVSS
4.3
EPSS Score
0.32%
Published
2012-09-20
Updated
2017-08-29
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-07-25
Updated
2012-11-30
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Max CVSS
4.3
EPSS Score
0.36%
Published
2012-07-25
Updated
2013-03-22
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
Max CVSS
4.9
EPSS Score
0.04%
Published
2012-05-11
Updated
2017-12-05
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
Max CVSS
5.0
EPSS Score
0.36%
Published
2012-05-11
Updated
2017-12-05
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
Max CVSS
5.0
EPSS Score
0.19%
Published
2012-03-12
Updated
2018-01-06
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
Max CVSS
5.0
EPSS Score
0.15%
Published
2012-03-12
Updated
2018-01-06
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-02-02
Updated
2012-02-03
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-02-02
Updated
2012-02-03
15 vulnerabilities found