Vulnerabilities > Apple > Iphone OS > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-14 | CVE-2011-3257 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. | 2.1 |
| 2011-10-14 | CVE-2011-3427 | Information Exposure vulnerability in Apple TV and Iphone OS The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | 2.6 |
| 2011-10-14 | CVE-2011-3429 | Credentials Management vulnerability in Apple Iphone OS The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. | 2.1 |
| 2011-10-14 | CVE-2011-3431 | Information Exposure vulnerability in Apple Iphone OS The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. | 2.1 |
| 2010-11-09 | CVE-2010-4211 | Improper Authentication vulnerability in Ebay Paypal The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | 2.9 |
| 2010-09-09 | CVE-2010-1810 | Unspecified vulnerability in Apple Iphone OS FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. network apple | 3.5 |
| 2010-07-30 | CVE-2010-2913 | Information Exposure vulnerability in Citibank Citi Mobile The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | 2.1 |
| 2010-06-22 | CVE-2010-1775 | Race Condition vulnerability in Apple Iphone OS Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. | 1.9 |
| 2009-09-10 | CVE-2009-2207 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS 3.0/3.0.1 The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | 2.1 |
| 2009-09-10 | CVE-2009-2796 | Information Exposure vulnerability in Apple Iphone OS 3.0/3.0.1 The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | 2.1 |