Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-10-24 | CVE-2013-5165 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | 6.4 |
| 2013-10-24 | CVE-2013-5136 | Information Exposure vulnerability in Apple Remote Desktop Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. | 4.3 |
| 2013-10-04 | CVE-2013-5163 | Improper Authentication vulnerability in Apple mac OS X Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | 6.6 |
| 2013-09-28 | CVE-2013-5161 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | 4.4 |
| 2013-09-20 | CVE-2013-1130 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | 6.8 |
| 2013-09-19 | CVE-2013-5159 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | 4.3 |
| 2013-09-19 | CVE-2013-5157 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | 5.0 |
| 2013-09-19 | CVE-2013-5156 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | 4.3 |
| 2013-09-19 | CVE-2013-5154 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | 4.3 |
| 2013-09-19 | CVE-2013-5152 | Improper Input Validation vulnerability in Apple Iphone OS Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | 4.3 |