Vulnerabilities > Apple > Iphone OS > 5.0

DATE CVE VULNERABILITY TITLE RISK
2015-03-18 CVE-2015-1068 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
network
apple CWE-399
6.8
2015-03-12 CVE-2015-1065 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
5.4
2015-03-12 CVE-2015-1064 Information Exposure vulnerability in Apple Iphone OS
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
local
apple CWE-200
1.9
2015-03-12 CVE-2015-1063 NULL Pointer Dereference Denial of Service vulnerability in Apple IOS
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
network
low complexity
apple
7.8
2015-03-12 CVE-2015-1062 Data Processing Errors vulnerability in Apple Iphone OS and Tvos
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
network
low complexity
apple CWE-19
5.0
2015-03-12 CVE-2015-1061 Code Injection vulnerability in Apple Iphone OS, mac OS X and Tvos
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
network
apple CWE-94
critical
9.3
2015-03-11 CVE-2015-1067 Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Tvos
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.
network
apple CWE-310
4.3
2015-01-30 CVE-2014-8840 Cryptographic Issues vulnerability in Apple Iphone OS
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
network
apple CWE-310
6.8
2015-01-30 CVE-2014-4496 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
network
low complexity
apple CWE-264
5.0
2015-01-30 CVE-2014-4495 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
network
low complexity
apple CWE-264
critical
10.0