Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Iphone Os
Total 3723 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4463 1 Apple 1 Iphone Os 2024-11-21 2.1 LOW N/A
Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.
CVE-2014-4462 1 Apple 2 Iphone Os, Tvos 2024-11-21 5.8 MEDIUM N/A
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
CVE-2014-4461 1 Apple 3 Iphone Os, Mac Os X, Tvos 2024-11-21 9.3 HIGH N/A
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
CVE-2014-4460 1 Apple 2 Iphone Os, Mac Os X 2024-11-21 2.1 LOW N/A
CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.
CVE-2014-4459 1 Apple 5 Iphone Os, Itunes, Mac Os X and 2 more 2024-11-21 6.8 MEDIUM N/A
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
CVE-2014-4457 1 Apple 1 Iphone Os 2024-11-21 7.5 HIGH N/A
The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.
CVE-2014-4455 1 Apple 2 Iphone Os, Tvos 2024-11-21 2.1 LOW N/A
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
CVE-2014-4453 1 Apple 2 Iphone Os, Mac Os X 2024-11-21 5.0 MEDIUM N/A
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4452 1 Apple 4 Iphone Os, Itunes, Safari and 1 more 2024-11-21 5.4 MEDIUM N/A
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4451 1 Apple 1 Iphone Os 2024-11-21 7.2 HIGH N/A
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
CVE-2014-4450 1 Apple 1 Iphone Os 2024-11-21 1.9 LOW N/A
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
CVE-2014-4449 1 Apple 1 Iphone Os 2024-11-21 6.8 MEDIUM N/A
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-4448 1 Apple 1 Iphone Os 2024-11-21 1.9 LOW N/A
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
CVE-2014-4423 1 Apple 1 Iphone Os 2024-11-21 4.3 MEDIUM N/A
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
CVE-2014-4422 1 Apple 2 Iphone Os, Tvos 2024-11-21 6.8 MEDIUM 8.1 HIGH
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
CVE-2014-4421 1 Apple 3 Iphone Os, Mac Os X, Tvos 2024-11-21 1.9 LOW N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
CVE-2014-4420 1 Apple 3 Iphone Os, Mac Os X, Tvos 2024-11-21 1.9 LOW N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
CVE-2014-4419 1 Apple 3 Iphone Os, Mac Os X, Tvos 2024-11-21 1.9 LOW N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
CVE-2014-4418 1 Apple 2 Iphone Os, Tvos 2024-11-21 9.3 HIGH 7.8 HIGH
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
CVE-2014-4415 1 Apple 3 Iphone Os, Safari, Tvos 2024-11-21 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.