Vulnerabilities > Apple > Iphone OS > 7.0

DATE CVE VULNERABILITY TITLE RISK
2013-12-18 CVE-2013-5197 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-12-18 CVE-2013-5196 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-11-18 CVE-2013-5193 Credentials Management vulnerability in Apple Iphone OS
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.
local
apple CWE-255
4.7
2013-10-24 CVE-2013-5164 Race Condition vulnerability in Apple Iphone OS
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
local
apple CWE-362
3.3
2013-10-24 CVE-2013-5162 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
local
low complexity
apple CWE-264
2.1
2013-10-24 CVE-2013-5144 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
local
apple CWE-264
3.3
2013-09-28 CVE-2013-5161 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.
local
apple CWE-264
4.4
2013-09-28 CVE-2013-5160 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
local
apple CWE-264
3.3
2013-06-05 CVE-2013-3951 Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
local
low complexity
apple CWE-20
4.6