CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2014-4479 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
752 CVE-2014-4477 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
753 CVE-2014-4476 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
754 CVE-2014-4475 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
755 CVE-2014-4474 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
756 CVE-2014-4473 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
757 CVE-2014-4472 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
758 CVE-2014-4471 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
759 CVE-2014-4470 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
760 CVE-2014-4469 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
761 CVE-2014-4468 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
762 CVE-2014-4467 17 2015-01-30 2015-02-02
4.3
None Remote Medium Not required None Partial None
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.
763 CVE-2014-4466 399 DoS Exec Code Mem. Corr. 2014-12-10 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
764 CVE-2014-4465 20 Bypass 2014-12-10 2015-02-09
5.0
None Remote Low Not required None Partial None
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
765 CVE-2014-4463 264 Bypass 2014-11-18 2016-12-07
2.1
None Local Low Not required Partial None None
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.
766 CVE-2014-4462 399 DoS Exec Code Mem. Corr. 2014-11-18 2016-12-07
5.8
None Local Network Low Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
767 CVE-2014-4461 20 Exec Code 2014-11-18 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
768 CVE-2014-4460 200 +Info 2014-11-18 2016-12-07
2.1
None Local Low Not required Partial None None
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
769 CVE-2014-4459 Exec Code 2014-11-18 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
770 CVE-2014-4457 264 Bypass 2014-11-18 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.
771 CVE-2014-4455 264 Bypass 2014-11-18 2016-12-07
2.1
None Local Low Not required None Partial None
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
772 CVE-2014-4453 200 +Info 2014-11-18 2016-12-07
5.0
None Remote Low Not required Partial None None
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
773 CVE-2014-4452 399 DoS Exec Code Mem. Corr. 2014-11-18 2016-12-07
5.4
None Local Network Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
774 CVE-2014-4451 264 Bypass 2014-11-18 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
775 CVE-2014-4450 255 2014-10-22 2015-12-03
1.9
None Local Medium Not required Partial None None
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
776 CVE-2014-4449 310 +Info 2014-10-22 2015-11-05
6.8
None Remote Medium Not required Partial Partial Partial
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
777 CVE-2014-4448 310 +Info 2014-10-22 2015-12-03
1.9
None Local Medium Not required Partial None None
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
778 CVE-2014-4423 264 Bypass 2014-09-18 2017-01-06
4.3
None Remote Medium Not required Partial None None
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
779 CVE-2014-4422 310 Bypass 2014-09-18 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
780 CVE-2014-4421 +Info 2014-09-18 2017-01-06
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
781 CVE-2014-4420 +Info 2014-09-18 2017-01-06
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
782 CVE-2014-4419 +Info 2014-09-18 2017-01-06
1.9
None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
783 CVE-2014-4418 20 Exec Code 2014-09-18 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
784 CVE-2014-4415 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
785 CVE-2014-4414 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
786 CVE-2014-4413 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
787 CVE-2014-4412 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
788 CVE-2014-4411 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
789 CVE-2014-4410 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
790 CVE-2014-4409 200 +Info 2014-09-18 2017-01-06
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
791 CVE-2014-4408 119 DoS Overflow +Priv 2014-09-18 2017-01-06
6.9
None Local Medium Not required Complete Complete Complete
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
792 CVE-2014-4407 200 +Info 2014-09-18 2017-01-06
4.3
None Remote Medium Not required Partial None None
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
793 CVE-2014-4405 DoS Exec Code 2014-09-18 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
794 CVE-2014-4404 119 Exec Code Overflow 2014-09-18 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
795 CVE-2014-4389 189 Exec Code Overflow 2014-09-18 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
796 CVE-2014-4388 20 Exec Code 2014-09-18 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
797 CVE-2014-4386 362 +Priv 2014-09-18 2017-01-06
1.9
None Local Medium Not required None Partial None
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
798 CVE-2014-4384 22 Dir. Trav. 2014-09-18 2017-01-06
1.9
None Local Medium Not required None Partial None
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
799 CVE-2014-4383 20 2014-09-18 2017-01-06
4.3
None Remote Medium Not required None Partial None
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
800 CVE-2014-4381 119 Exec Code Overflow 2014-09-18 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
Total number of vulnerabilities : 1178   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.