Vulnerabilities > Apple > iPhone OS > 4.2.10
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2013-09-19 | CVE-2013-5158 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS | The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | 2.1 |
2013-09-19 | CVE-2013-5157 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS | The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | 5.0 |
2013-09-19 | CVE-2013-5156 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS | The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | 4.3 |
2013-09-19 | CVE-2013-5155 | Improper Input Validation vulnerability in Apple iPhone OS | The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | 7.1 |
2013-09-19 | CVE-2013-5154 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS | The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | 4.3 |
2013-09-19 | CVE-2013-5153 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS | Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | 2.1 |
2013-09-19 | CVE-2013-5152 | Improper Input Validation vulnerability in Apple iPhone OS | Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | 4.3 |
2013-09-19 | CVE-2013-5151 | Cross-Site Scripting vulnerability in Apple iPhone OS | Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | 4.3 |
2013-09-19 | CVE-2013-5150 | Information Exposure vulnerability in Apple iPhone OS | The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | 1.9 |
2013-09-19 | CVE-2013-5149 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS | The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | 4.3 |