Vulnerabilities > Apple > Iphone OS > 5.0

DATE CVE VULNERABILITY TITLE RISK
2014-09-18 CVE-2014-4386 Race Condition vulnerability in Apple Iphone OS
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
local
apple CWE-362
1.9
2014-09-18 CVE-2014-4384 Path Traversal vulnerability in Apple Iphone OS
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
local
apple CWE-22
1.9
2014-09-18 CVE-2014-4383 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
network
apple CWE-20
4.3
2014-09-18 CVE-2014-4381 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
network
apple CWE-119
critical
9.3
2014-09-18 CVE-2014-4380 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
network
apple CWE-119
critical
9.3
2014-09-18 CVE-2014-4379 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
network
apple CWE-119
7.1
2014-09-18 CVE-2014-4378 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
network
apple CWE-119
5.8
2014-09-18 CVE-2014-4377 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
network
apple CWE-189
6.8
2014-09-18 CVE-2014-4375 Local Memory Corruption vulnerability in Apple Iphone OS, mac OS X and Tvos
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
local
low complexity
apple
7.2
2014-09-18 CVE-2014-4374 XML External Entity Information Disclosure vulnerability in Apple Iphone OS and mac OS X
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
apple
5.0