Vulnerabilities > Apple > Iphone OS > 3.2

DATE CVE VULNERABILITY TITLE RISK
2013-09-19 CVE-2013-5159 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
network
apple CWE-264
4.3
2013-09-19 CVE-2013-5158 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
local
low complexity
apple CWE-264
2.1
2013-09-19 CVE-2013-5157 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
network
low complexity
apple CWE-264
5.0
2013-09-19 CVE-2013-5156 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
network
apple CWE-264
4.3
2013-09-19 CVE-2013-5155 Improper Input Validation vulnerability in Apple Iphone OS
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
network
apple CWE-20
7.1
2013-09-19 CVE-2013-5154 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
network
apple CWE-264
4.3
2013-09-19 CVE-2013-5153 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
local
low complexity
apple CWE-264
2.1
2013-09-19 CVE-2013-5152 Improper Input Validation vulnerability in Apple Iphone OS
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
network
apple CWE-20
4.3
2013-09-19 CVE-2013-5151 Cross-Site Scripting vulnerability in Apple Iphone OS
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
network
apple CWE-79
4.3
2013-09-19 CVE-2013-5150 Information Exposure vulnerability in Apple Iphone OS
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
local
apple CWE-200
1.9