Vulnerabilities > Apple > Iphone OS > 1.1.4

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-4487 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
low complexity
apple CWE-119
critical
10.0
2015-01-30 CVE-2014-4486 Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
network
low complexity
apple
critical
10.0
2015-01-30 CVE-2014-4485 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
network
low complexity
apple CWE-119
7.5
2015-01-30 CVE-2014-4484 Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
network
low complexity
apple CWE-19
7.5
2015-01-30 CVE-2014-4483 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-4481 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
network
apple CWE-189
6.8
2015-01-30 CVE-2014-4480 Link Following vulnerability in Apple Iphone OS and Tvos
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
network
low complexity
apple CWE-59
critical
10.0
2015-01-30 CVE-2014-4479 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-4477 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
network
apple CWE-119
6.8
2015-01-30 CVE-2014-4476 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
network
apple CWE-119
6.8