Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-12 | CVE-2015-1065 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. | 5.4 |
| 2015-03-12 | CVE-2015-1062 | Data Processing Errors vulnerability in Apple Iphone OS and Tvos MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. | 5.0 |
| 2015-03-11 | CVE-2015-1067 | Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Tvos Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. | 4.3 |
| 2015-02-19 | CVE-2014-9679 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Cups Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. | 6.8 |
| 2015-01-30 | CVE-2014-8840 | Cryptographic Issues vulnerability in Apple Iphone OS The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. | 6.8 |
| 2015-01-30 | CVE-2014-8839 | Information Exposure vulnerability in Apple mac OS X Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL. | 5.0 |
| 2015-01-30 | CVE-2014-8838 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. | 4.3 |
| 2015-01-30 | CVE-2014-8832 | Information Exposure vulnerability in Apple mac OS X The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. | 4.9 |
| 2015-01-30 | CVE-2014-8831 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. | 5.0 |
| 2015-01-30 | CVE-2014-8830 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. | 6.8 |