Vulnerabilities > Apple > Iphone OS > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-18 | CVE-2014-4459 | Memory Corruption vulnerability in WebKit Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. network apple | 6.8 |
| 2014-11-18 | CVE-2014-4457 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | 7.5 |
| 2014-11-18 | CVE-2014-4455 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | 2.1 |
| 2014-11-18 | CVE-2014-4453 | Information Exposure vulnerability in Apple Iphone OS and mac OS X Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2014-11-18 | CVE-2014-4451 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | 7.2 |
| 2014-10-22 | CVE-2014-4450 | Credentials Management vulnerability in Apple Iphone OS The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | 1.9 |
| 2014-10-22 | CVE-2014-4449 | Cryptographic Issues vulnerability in Apple Iphone OS iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
| 2014-10-22 | CVE-2014-4448 | Cryptographic Issues vulnerability in Apple Iphone OS House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | 1.9 |
| 2014-09-18 | CVE-2014-4423 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | 4.3 |
| 2014-09-18 | CVE-2014-4422 | Cryptographic Issues vulnerability in Apple Iphone OS and Tvos The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | 6.8 |