Vulnerabilities > Apple > Iphone OS > 5.0

DATE CVE VULNERABILITY TITLE RISK
2015-04-10 CVE-2015-1098 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
local
low complexity
apple CWE-119
7.3
2014-09-18 CVE-2014-4422 Cryptographic Issues vulnerability in Apple Iphone OS and Tvos
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
network
high complexity
apple CWE-310
8.1
2014-09-18 CVE-2014-4418 Improper Input Validation vulnerability in Apple Iphone OS
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
local
low complexity
apple CWE-20
7.8
2014-09-18 CVE-2014-4407 Information Exposure vulnerability in Apple Iphone OS and Tvos
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
local
low complexity
apple CWE-200
3.3
2014-09-18 CVE-2014-4404 Out-of-bounds Write vulnerability in Apple Iphone OS and mac OS X
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
local
low complexity
apple CWE-787
7.8
2014-09-18 CVE-2014-4388 Improper Input Validation vulnerability in Apple mac OS X
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
local
low complexity
apple CWE-20
7.8
2014-09-18 CVE-2014-4375 Unspecified vulnerability in Apple mac OS X
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
local
low complexity
apple
7.8
2014-09-18 CVE-2014-4373 Unspecified vulnerability in Apple Iphone OS
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
local
low complexity
apple
5.5
2014-09-18 CVE-2014-4364 Cryptographic Issues vulnerability in Apple Iphone OS
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
high complexity
apple CWE-310
5.6
2014-02-18 CVE-2014-2019 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
low complexity
apple CWE-264
4.6