Vulnerabilities > Apple > Iphone OS > 3.2

DATE CVE VULNERABILITY TITLE RISK
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7
2015-05-08 CVE-2015-1156 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.
network
apple CWE-264
4.3
2015-05-08 CVE-2015-1155 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
network
apple CWE-264
4.3
2015-05-08 CVE-2015-1153 Memory Corruption vulnerability in Apple Iphone OS, Itunes and Safari
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
network
apple
6.8
2015-05-08 CVE-2015-1152 Memory Corruption vulnerability in Apple Iphone OS, Itunes and Safari
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
network
apple
6.8
2015-04-10 CVE-2015-1129 Cryptographic Issues vulnerability in Apple Iphone OS and Safari
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
network
apple CWE-310
4.3
2015-04-10 CVE-2015-1126 Improper Input Validation vulnerability in Apple Iphone OS and Safari
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
network
apple CWE-20
4.3
2015-04-10 CVE-2015-1125 Code vulnerability in Apple Iphone OS
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
network
apple CWE-17
4.3
2015-04-10 CVE-2015-1124 Memory Corruption vulnerability in WebKit
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
network
apple
6.8
2015-04-10 CVE-2015-1123 Memory Corruption vulnerability in Apple Iphone OS and Tvos
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.
network
apple
6.8