Vulnerabilities > Apple > Iphone OS > 1.1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-19 | CVE-2013-5147 | Race Condition vulnerability in Apple Iphone OS Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | 3.7 |
| 2013-09-19 | CVE-2013-5145 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | 6.3 |
| 2013-09-19 | CVE-2013-5142 | Information Exposure vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | 4.9 |
| 2013-09-19 | CVE-2013-5141 | Numeric Errors vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | 7.1 |
| 2013-09-19 | CVE-2013-5140 | Improper Input Validation vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | 7.8 |
| 2013-09-19 | CVE-2013-5139 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | 9.3 |
| 2013-09-19 | CVE-2013-5138 | Denial of Service vulnerability in Apple iPhone/iPad/iPod touch Prior to iOS 7 IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. local apple | 4.7 |
| 2013-09-19 | CVE-2013-5137 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | 2.6 |
| 2013-09-19 | CVE-2013-5131 | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2013-09-19 | CVE-2013-5129 | Cross-Site Scripting vulnerability in Apple Iphone OS Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | 4.3 |