Vulnerabilities > Apple > Iphone OS > 6.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-19 | CVE-2013-5156 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | 4.3 |
| 2013-09-19 | CVE-2013-5155 | Improper Input Validation vulnerability in Apple Iphone OS The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | 7.1 |
| 2013-09-19 | CVE-2013-5154 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | 4.3 |
| 2013-09-19 | CVE-2013-5153 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | 2.1 |
| 2013-09-19 | CVE-2013-5152 | Improper Input Validation vulnerability in Apple Iphone OS Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | 4.3 |
| 2013-09-19 | CVE-2013-5151 | Cross-Site Scripting vulnerability in Apple Iphone OS Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | 4.3 |
| 2013-09-19 | CVE-2013-5150 | Information Exposure vulnerability in Apple Iphone OS The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | 1.9 |
| 2013-09-19 | CVE-2013-5149 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | 4.3 |
| 2013-09-19 | CVE-2013-5147 | Race Condition vulnerability in Apple Iphone OS Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | 3.7 |
| 2013-09-19 | CVE-2013-5145 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | 6.3 |