Apple : Security Vulnerabilities, CVEs, Published In 2012 (Information Leak) CVSS score >= 5

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL.

The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.