CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os » 4.3.0 : Security Vulnerabilities

Cpe Name:cpe:/o:apple:iphone_os:4.3.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2017-7153 601 2018-04-03 2018-05-03
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.
302 CVE-2017-7152 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
303 CVE-2017-7151 362 2019-04-03 2019-04-05
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.
304 CVE-2017-7113 200 Bypass +Info 2017-11-12 2017-11-28
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.
305 CVE-2017-7075 200 +Info 2018-04-03 2018-05-03
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content.
306 CVE-2017-7066 119 DoS Overflow Mem. Corr. 2018-04-03 2018-05-04
3.3
None Local Network Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11.
307 CVE-2017-7065 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-05-04
5.8
None Local Network Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.
308 CVE-2017-7043 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2019-05-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
309 CVE-2017-7040 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2019-05-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
310 CVE-2017-7012 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2019-05-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
311 CVE-2017-7006 203 Bypass +Info 2017-07-20 2019-10-02
2.6
None Remote High Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.
312 CVE-2017-7005 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
313 CVE-2017-7004 362 Bypass 2018-04-03 2018-05-04
5.1
None Remote High Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.
314 CVE-2017-7003 20 DoS 2018-04-03 2018-05-04
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.
315 CVE-2017-7002 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
316 CVE-2017-7001 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
317 CVE-2017-7000 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
318 CVE-2017-6976 Bypass 2018-04-03 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app.
319 CVE-2017-2520 787 DoS Exec Code Overflow 2017-05-22 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
320 CVE-2017-2519 DoS Exec Code Mem. Corr. 2017-05-22 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.
321 CVE-2017-2518 416 DoS Exec Code Overflow 2017-05-22 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
322 CVE-2017-2502 Bypass 2017-05-22 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
323 CVE-2017-2493 200 Bypass +Info 2018-04-03 2018-05-04
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.
324 CVE-2017-2492 79 XSS 2018-04-03 2018-05-04
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling.
325 CVE-2017-2411 254 2019-01-11 2019-01-17
4.3
None Remote Medium Not required Partial None None
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.
326 CVE-2016-7576 119 Overflow Mem. Corr. 2019-01-11 2019-01-17
9.3
None Remote Medium Not required Complete Complete Complete
In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
327 CVE-2016-4738 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2019-06-18
9.3
None Remote Medium Not required Complete Complete Complete
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
328 CVE-2016-4644 200 +Info 2019-01-11 2019-01-17
4.0
None Remote Low Single system Partial None None
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
329 CVE-2016-4643 200 +Info 2019-01-11 2019-01-17
4.0
None Remote Low Single system Partial None None
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.
330 CVE-2016-4642 254 2019-01-11 2019-01-17
4.3
None Remote Medium Not required Partial None None
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
331 CVE-2016-4609 119 DoS Overflow Mem. Corr. 2016-07-21 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
332 CVE-2016-4607 119 DoS Overflow Mem. Corr. 2016-07-21 2019-06-18
7.5
None Remote Low Not required Partial Partial Partial
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
333 CVE-2016-1841 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
334 CVE-2015-1098 119 DoS Exec Code Overflow Mem. Corr. 2015-04-10 2019-09-27
6.8
None Remote Medium Not required Partial Partial Partial
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
335 CVE-2014-4459 Exec Code 2014-11-18 2019-07-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
336 CVE-2014-2019 264 Bypass 2014-02-18 2019-09-27
4.9
None Local Low Not required None Complete None
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
337 CVE-2013-5159 264 Bypass +Info 2013-09-19 2013-10-22
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
338 CVE-2013-5158 264 +Info 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
339 CVE-2013-5157 264 2013-09-19 2013-10-22
5.0
None Remote Low Not required None Partial None
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
340 CVE-2013-5156 264 Bypass 2013-09-19 2013-10-22
4.3
None Remote Medium Not required Partial None None
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
341 CVE-2013-5155 20 DoS 2013-09-19 2013-10-22
7.1
None Remote Medium Not required None None Complete
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
342 CVE-2013-5154 264 Bypass 2013-09-19 2013-10-25
4.3
None Remote Medium Not required None Partial None
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
343 CVE-2013-5153 264 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
344 CVE-2013-5152 20 2013-09-19 2013-10-11
4.3
None Remote Medium Not required None Partial None
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
345 CVE-2013-5151 79 XSS 2013-09-19 2013-10-22
4.3
None Remote Medium Not required None Partial None
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
346 CVE-2013-5150 200 +Info 2013-09-19 2014-10-24
1.9
None Local Medium Not required Partial None None
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
347 CVE-2013-5149 264 +Info 2013-09-19 2013-10-25
4.3
None Remote Medium Not required Partial None None
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
348 CVE-2013-5147 362 Bypass 2013-09-19 2013-09-26
3.7
None Local High Not required Partial Partial Partial
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
349 CVE-2013-5145 264 2013-09-19 2013-10-30
6.3
None Local Medium Not required None Complete Complete
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
350 CVE-2013-5142 200 +Info 2013-09-19 2013-10-30
4.9
None Local Low Not required Complete None None
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
Total number of vulnerabilities : 524   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.