Vulnerabilities > Apple > Iphone OS

DATE CVE VULNERABILITY TITLE RISK
2015-12-11 CVE-2015-7068 NULL Pointer Dereference vulnerability in Apple products
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
local
low complexity
apple CWE-476
7.8
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7
2015-04-10 CVE-2015-1098 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
local
low complexity
apple CWE-119
7.3
2014-09-18 CVE-2014-4422 Cryptographic Issues vulnerability in Apple Iphone OS and Tvos
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
network
high complexity
apple CWE-310
8.1
2014-09-18 CVE-2014-4418 Improper Input Validation vulnerability in Apple Iphone OS
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
local
low complexity
apple CWE-20
7.8
2014-09-18 CVE-2014-4407 Information Exposure vulnerability in Apple Iphone OS and Tvos
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
local
low complexity
apple CWE-200
3.3
2014-09-18 CVE-2014-4404 Out-of-bounds Write vulnerability in Apple Iphone OS and mac OS X
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
local
low complexity
apple CWE-787
7.8
2014-09-18 CVE-2014-4388 Improper Input Validation vulnerability in Apple mac OS X
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
local
low complexity
apple CWE-20
7.8
2014-09-18 CVE-2014-4375 Unspecified vulnerability in Apple mac OS X
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
local
low complexity
apple
7.8
2014-09-18 CVE-2014-4373 Unspecified vulnerability in Apple Iphone OS
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
local
low complexity
apple
5.5