Vulnerabilities > Apple > Iphone OS > 7.0.5

DATE CVE VULNERABILITY TITLE RISK
2014-03-14 CVE-2014-1273 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.
network
apple CWE-20
5.8
2014-03-14 CVE-2014-1272 Link Following vulnerability in Apple Iphone OS and Tvos
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
local
apple CWE-59
6.3
2014-03-14 CVE-2014-1271 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
network
low complexity
apple CWE-20
7.8
2014-03-14 CVE-2014-1267 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.
network
apple CWE-20
5.8
2014-03-14 CVE-2013-6835 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
network
low complexity
apple CWE-264
5.0
2014-03-14 CVE-2013-5133 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
network
apple CWE-264
8.8
2014-02-22 CVE-2014-1266 Improper Certificate Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.
network
high complexity
apple CWE-295
7.4
2014-02-18 CVE-2014-2019 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.
local
low complexity
apple CWE-264
4.9
2013-12-18 CVE-2013-5228 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-12-18 CVE-2013-5225 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8