Vulnerabilities > Apple > Iphone OS > 1.1.4

DATE CVE VULNERABILITY TITLE RISK
2014-04-23 CVE-2014-1320 Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
local
low complexity
apple CWE-200
4.9
2014-04-23 CVE-2014-1296 Permissions, Privileges, and Access Controls vulnerability in Apple products
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
network
apple CWE-264
4.3
2014-04-23 CVE-2014-1295 Improper Authentication vulnerability in Apple Iphone OS, mac OS X and Tvos
Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
network
apple CWE-287
6.8
2014-03-14 CVE-2014-1294 Buffer Errors vulnerability in Apple Iphone OS and Tvos
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1293.
network
apple CWE-119
6.8
2014-03-14 CVE-2014-1293 Buffer Errors vulnerability in Apple Iphone OS and Tvos
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1294.
network
apple CWE-119
6.8
2014-03-14 CVE-2014-1292 Buffer Errors vulnerability in Apple Iphone OS and Tvos
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.
network
apple CWE-119
6.8
2014-03-14 CVE-2014-1291 Buffer Errors vulnerability in Apple Iphone OS and Tvos
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.
network
apple CWE-119
6.8
2014-03-14 CVE-2014-1290 Buffer Errors vulnerability in Apple Iphone OS and Tvos
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.
network
apple CWE-119
6.8
2014-03-14 CVE-2014-1289 Buffer Errors vulnerability in Apple Iphone OS and Tvos
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.
network
apple CWE-119
6.8
2014-03-14 CVE-2014-1287 Buffer Errors vulnerability in Apple Iphone OS and Tvos
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
local
low complexity
apple CWE-119
7.2