Vulnerabilities > Apple > Iphone OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-18 | CVE-2014-4407 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | 4.3 |
| 2014-09-18 | CVE-2014-4383 | Improper Input Validation vulnerability in Apple Iphone OS and Tvos The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. | 4.3 |
| 2014-09-18 | CVE-2014-4378 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. | 5.8 |
| 2014-09-18 | CVE-2014-4377 | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
| 2014-09-18 | CVE-2014-4374 | XML External Entity Information Disclosure vulnerability in Apple Iphone OS and mac OS X NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
| 2014-09-18 | CVE-2014-4368 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | 6.9 |
| 2014-09-18 | CVE-2014-4366 | Credentials Management vulnerability in Apple Iphone OS Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | 5.0 |
| 2014-09-18 | CVE-2014-4363 | Credentials Management vulnerability in Apple Iphone OS and Safari Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | 5.0 |
| 2014-09-18 | CVE-2014-4362 | Information Exposure vulnerability in Apple Iphone OS The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | 5.0 |
| 2014-09-18 | CVE-2014-4361 | Information Exposure vulnerability in Apple Iphone OS The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | 5.0 |