Vulnerabilities > Apple > Iphone OS > 8.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-22 | CVE-2014-4450 | Credentials Management vulnerability in Apple Iphone OS The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | 1.9 |
2014-10-22 | CVE-2014-4449 | Cryptographic Issues vulnerability in Apple Iphone OS iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
2014-10-22 | CVE-2014-4448 | Cryptographic Issues vulnerability in Apple Iphone OS House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | 1.9 |
2013-06-05 | CVE-2013-3951 | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | 4.6 |