Vulnerabilities > Apple > Iphone OS > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-19 | CVE-2013-5147 | Race Condition vulnerability in Apple Iphone OS Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | 3.7 |
| 2013-09-19 | CVE-2013-5150 | Information Exposure vulnerability in Apple Iphone OS The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | 1.9 |
| 2013-09-19 | CVE-2013-5153 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | 2.1 |
| 2013-09-19 | CVE-2013-5158 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | 2.1 |
| 2013-03-20 | CVE-2013-0978 | Information Exposure vulnerability in Apple Iphone OS and Tvos The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. | 2.1 |
| 2013-03-20 | CVE-2013-0979 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | 1.9 |
| 2013-03-20 | CVE-2013-0980 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | 2.1 |
| 2013-01-29 | CVE-2013-0962 | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. | 2.6 |
| 2013-01-29 | CVE-2013-0963 | Improper Input Validation vulnerability in Apple Iphone OS Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID. | 2.1 |
| 2013-01-29 | CVE-2013-0964 | Improper Input Validation vulnerability in Apple Iphone OS and Tvos The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page. | 3.6 |