Vulnerabilities > Apple > Iphone OS > 1.1.4

DATE CVE VULNERABILITY TITLE RISK
2014-03-14 CVE-2014-1272 Link Following vulnerability in Apple Iphone OS and Tvos
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
local
apple CWE-59
6.3
2014-03-14 CVE-2014-1271 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
network
low complexity
apple CWE-20
7.8
2014-03-14 CVE-2014-1267 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.
network
apple CWE-20
5.8
2014-03-14 CVE-2013-6835 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
network
low complexity
apple CWE-264
5.0
2014-03-14 CVE-2013-5133 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
network
apple CWE-264
8.8
2014-02-18 CVE-2014-2019 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
local
low complexity
apple CWE-264
4.9
2014-01-24 CVE-2014-1252 Double Free vulnerability in Apple Iphone OS, mac OS X and Pages
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
network
low complexity
apple CWE-415
7.5
2013-12-18 CVE-2013-5228 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-12-18 CVE-2013-5225 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-12-18 CVE-2013-5199 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8