Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-12-07 | CVE-2011-4692 | Permissions, Privileges, and Access Controls vulnerability in multiple products WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | 5.0 |
| 2011-12-07 | CVE-2010-5070 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. | 5.0 |
| 2011-11-15 | CVE-2011-1516 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of osascript to send Apple events to the launchd daemon, a related issue to CVE-2008-7303. | 7.6 |
| 2011-11-15 | CVE-2008-7303 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516. | 7.6 |
| 2011-11-11 | CVE-2011-3442 | Resource Management Errors vulnerability in Apple Iphone OS The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. | 7.2 |
| 2011-11-11 | CVE-2011-3441 | Information Exposure vulnerability in Apple Iphone OS libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | 4.3 |
| 2011-11-11 | CVE-2011-3440 | Permissions, Privileges, and Access Controls vulnerability in Apple Ipad2 and Iphone OS The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | 1.2 |
| 2011-11-11 | CVE-2011-3439 | Out-Of-Bounds Write vulnerability in multiple products FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. | 9.3 |
| 2011-11-11 | CVE-2011-2460 | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459. | 10.0 |
| 2011-11-11 | CVE-2011-2459 | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460. | 10.0 |