Vulnerabilities > Apple > Iphone OS > 6.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-22 | CVE-2014-1266 | Improper Certificate Validation vulnerability in Apple Iphone OS, mac OS X and Tvos The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. | 7.4 |
2014-02-18 | CVE-2014-2019 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | 4.9 |
2014-01-24 | CVE-2014-1252 | Double Free vulnerability in Apple Iphone OS, mac OS X and Pages Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. | 7.5 |
2013-12-18 | CVE-2013-5228 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
2013-12-18 | CVE-2013-5225 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
2013-12-18 | CVE-2013-5199 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
2013-12-18 | CVE-2013-5198 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
2013-12-18 | CVE-2013-5197 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
2013-12-18 | CVE-2013-5196 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | 6.8 |
2013-11-18 | CVE-2013-5193 | Credentials Management vulnerability in Apple Iphone OS The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | 4.7 |