Vulnerabilities > Apple > Iphone OS > 5.0

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-4494 Improper Input Validation vulnerability in Apple Iphone OS
Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.
network
apple CWE-20
6.8
2015-01-30 CVE-2014-4493 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
network
low complexity
apple CWE-264
7.5
2015-01-30 CVE-2014-4492 Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
network
low complexity
apple CWE-19
7.5
2015-01-30 CVE-2014-4491 Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
network
low complexity
apple CWE-200
5.0
2015-01-30 CVE-2014-4489 Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
network
low complexity
apple
critical
10.0
2015-01-30 CVE-2014-4488 Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
low complexity
apple CWE-19
critical
10.0
2015-01-30 CVE-2014-4487 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
low complexity
apple CWE-119
critical
10.0
2015-01-30 CVE-2014-4486 Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
network
low complexity
apple
critical
10.0
2015-01-30 CVE-2014-4485 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
network
low complexity
apple CWE-119
7.5
2015-01-30 CVE-2014-4484 Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
network
low complexity
apple CWE-19
7.5