Vulnerabilities > Apple > Iphone OS > 7.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-22 | CVE-2014-4449 | Cryptographic Issues vulnerability in Apple Iphone OS iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
| 2014-10-22 | CVE-2014-4448 | Cryptographic Issues vulnerability in Apple Iphone OS House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | 1.9 |
| 2014-09-18 | CVE-2014-4423 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | 4.3 |
| 2014-09-18 | CVE-2014-4422 | Cryptographic Issues vulnerability in Apple Iphone OS and Tvos The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | 6.8 |
| 2014-09-18 | CVE-2014-4421 | Security vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. local apple | 1.9 |
| 2014-09-18 | CVE-2014-4420 | Security vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. local apple | 1.9 |
| 2014-09-18 | CVE-2014-4419 | Security vulnerability in Apple Iphone OS, mac OS X and Tvos The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. local apple | 1.9 |
| 2014-09-18 | CVE-2014-4418 | Improper Input Validation vulnerability in Apple Iphone OS and Tvos IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. | 9.3 |
| 2014-09-18 | CVE-2014-4415 | Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
| 2014-09-18 | CVE-2014-4414 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |