Vulnerabilities > Apple > Iphone OS > 5.0

DATE CVE VULNERABILITY TITLE RISK
2014-09-18 CVE-2014-4373 NULL Pointer Dereference Denial of Service vulnerability in Apple Iphone OS, mac OS X and Tvos
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
network
low complexity
apple
7.8
2014-09-18 CVE-2014-4372 Link Following vulnerability in Apple Iphone OS and Tvos
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
local
low complexity
apple CWE-59
3.6
2014-09-18 CVE-2014-4371 Improper Initialization vulnerability in Apple Iphone OS, mac OS X and Tvos
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
local
apple CWE-665
1.9
2014-09-18 CVE-2014-4369 NULL Pointer Dereference Denial of Service vulnerability in Apple Iphone OS and Tvos
The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
network
low complexity
apple
7.8
2014-09-18 CVE-2014-4368 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
local
apple CWE-264
6.9
2014-09-18 CVE-2014-4367 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
local
low complexity
apple CWE-264
2.1
2014-09-18 CVE-2014-4366 Credentials Management vulnerability in Apple Iphone OS
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
network
low complexity
apple CWE-255
5.0
2014-09-18 CVE-2014-4364 Cryptographic Issues vulnerability in Apple Iphone OS and Tvos
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
2.9
2014-09-18 CVE-2014-4362 Information Exposure vulnerability in Apple Iphone OS
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
network
low complexity
apple CWE-200
5.0
2014-09-18 CVE-2014-4361 Information Exposure vulnerability in Apple Iphone OS
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
network
low complexity
apple CWE-200
5.0