Vulnerabilities > Apple > Iphone OS > 7.0

DATE CVE VULNERABILITY TITLE RISK
2015-04-10 CVE-2015-1098 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
local
low complexity
apple CWE-119
7.3
2014-09-18 CVE-2014-4422 Cryptographic Issues vulnerability in Apple Iphone OS and Tvos
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
network
high complexity
apple CWE-310
8.1
2014-09-18 CVE-2014-4418 Improper Input Validation vulnerability in Apple Iphone OS
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
local
low complexity
apple CWE-20
7.8
2014-09-18 CVE-2014-4407 Information Exposure vulnerability in Apple Iphone OS and Tvos
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
local
low complexity
apple CWE-200
3.3
2014-09-18 CVE-2014-4404 Out-of-bounds Write vulnerability in Apple Iphone OS and mac OS X
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
local
low complexity
apple CWE-787
7.8
2014-09-18 CVE-2014-4388 Improper Input Validation vulnerability in Apple mac OS X
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
local
low complexity
apple CWE-20
7.8
2014-09-18 CVE-2014-4375 Unspecified vulnerability in Apple mac OS X
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
local
low complexity
apple
7.8
2014-09-18 CVE-2014-4373 Unspecified vulnerability in Apple Iphone OS
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
local
low complexity
apple
5.5
2014-09-18 CVE-2014-4364 Cryptographic Issues vulnerability in Apple Iphone OS
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
high complexity
apple CWE-310
5.6
2014-02-22 CVE-2014-1266 Improper Certificate Validation vulnerability in Apple Iphone OS, mac OS X and Tvos
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.
network
high complexity
apple CWE-295
7.4