Vulnerabilities > Apple > Iphone OS > Low

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2014-07-01 | CVE-2014-1353 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors. | local | low complexity | apple | CWE-264 | 3.6 |
| 2014-07-01 | CVE-2014-1360 | Improper Input Validation vulnerability in Apple Iphone OS | Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. | local | low complexity | apple | CWE-20 | 2.1 |
| 2014-03-14 | CVE-2014-1274 | Information Exposure vulnerability in Apple Iphone OS | FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. | local | low complexity | apple | CWE-200 | 2.1 |
| 2014-03-14 | CVE-2014-1281 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image. | local | | apple | CWE-264 | 1.9 |
| 2014-01-28 | CVE-2014-0647 | Credentials Management vulnerability in Starbucks 2.6.1 | The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. | local | low complexity | starbucks apple | CWE-255 | 2.1 |
| 2013-10-24 | CVE-2013-5144 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | local | | apple | CWE-264 | 3.3 |
| 2013-10-24 | CVE-2013-5162 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | local | low complexity | apple | CWE-264 | 2.1 |
| 2013-10-24 | CVE-2013-5164 | Race Condition vulnerability in Apple Iphone OS | Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. | local | | apple | CWE-362 | 3.3 |
| 2013-09-28 | CVE-2013-5160 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | local | | apple | CWE-264 | 3.3 |
| 2013-09-19 | CVE-2013-5137 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | network | high complexity | apple | CWE-264 | 2.6 |