Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-03-20 | CVE-2013-0980 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | 2.1 |
2013-03-20 | CVE-2013-0979 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | 1.9 |
2013-03-20 | CVE-2013-0978 | Information Exposure vulnerability in Apple Iphone OS and Tvos The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. | 2.1 |
2013-03-20 | CVE-2013-0977 | Security Bypass vulnerability in Apple Iphone OS and Tvos dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. | 4.6 |
2013-03-15 | CVE-2013-0976 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. | 6.8 |
2013-03-15 | CVE-2013-0973 | Remote Code Execution vulnerability in Apple Mac OS X Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. network apple | 6.8 |
2013-03-15 | CVE-2013-0971 | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. | 6.8 |
2013-03-15 | CVE-2013-0970 | Security Bypass vulnerability in Apple mac OS X 10.8.0/10.8.1/10.8.2 Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. network apple | 4.3 |
2013-03-15 | CVE-2013-0969 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.8.0/10.8.1/10.8.2 Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard. | 4.9 |
2013-03-15 | CVE-2013-0967 | Security Bypass vulnerability in Apple Mac OS X CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. network apple | 4.3 |