Vulnerabilities > Apple > Iphone OS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-05 | CVE-2013-3953 | Information Exposure vulnerability in Apple Iphone OS and mac OS X The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | 4.9 |
| 2013-06-05 | CVE-2013-3951 | Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | 4.6 |
| 2013-06-05 | CVE-2013-3950 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | 5.0 |
| 2013-06-05 | CVE-2013-3948 | Improper Input Validation vulnerability in Apple Iphone OS 6.1.3 Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. | 4.3 |
| 2013-05-24 | CVE-2013-1019 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS and Quicktime Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | 9.3 |
| 2013-05-20 | CVE-2013-1010 | Resource Management Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 9.3 |
| 2013-05-20 | CVE-2013-1008 | Resource Management Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 9.3 |
| 2013-05-20 | CVE-2013-1007 | Resource Management Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 9.3 |
| 2013-05-20 | CVE-2013-1006 | Resource Management Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 9.3 |
| 2013-05-20 | CVE-2013-1005 | Resource Management Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | 9.3 |