Vulnerabilities > Apple > Iphone OS > 4.2.10

DATE CVE VULNERABILITY TITLE RISK
2014-09-18 CVE-2014-4388 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
network
apple CWE-20
critical
9.3
2014-09-18 CVE-2014-4386 Race Condition vulnerability in Apple Iphone OS
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
local
apple CWE-362
1.9
2014-09-18 CVE-2014-4384 Path Traversal vulnerability in Apple Iphone OS
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
local
apple CWE-22
1.9
2014-09-18 CVE-2014-4383 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
network
apple CWE-20
4.3
2014-09-18 CVE-2014-4381 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
network
apple CWE-119
critical
9.3
2014-09-18 CVE-2014-4380 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
network
apple CWE-119
critical
9.3
2014-09-18 CVE-2014-4379 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
network
apple CWE-119
7.1
2014-09-18 CVE-2014-4378 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
network
apple CWE-119
5.8
2014-09-18 CVE-2014-4377 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
network
apple CWE-189
6.8
2014-09-18 CVE-2014-4375 Local Memory Corruption vulnerability in Apple Iphone OS, mac OS X and Tvos
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
local
low complexity
apple
7.2