Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-20 | CVE-2012-3733 | Information Exposure vulnerability in Apple Iphone OS Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. | 4.3 |
| 2012-09-20 | CVE-2012-3732 | Cryptographic Issues vulnerability in Apple Iphone OS Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. | 6.4 |
| 2012-09-20 | CVE-2012-3730 | Security Bypass vulnerability in Apple iPhone/iPad/iPod touch Prior to iOS 6 Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender. network apple | 4.3 |
| 2012-09-20 | CVE-2012-3728 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. | 6.9 |
| 2012-09-20 | CVE-2012-3727 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | 6.8 |
| 2012-09-20 | CVE-2012-3726 | Resource Management Errors vulnerability in Apple Iphone OS Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | 6.8 |
| 2012-09-20 | CVE-2012-3724 | Information Exposure vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. | 5.0 |
| 2012-09-20 | CVE-2012-3723 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device. | 4.6 |
| 2012-09-20 | CVE-2012-3722 | Resource Management Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | 6.8 |
| 2012-09-20 | CVE-2012-3721 | Improper Authentication vulnerability in Apple mac OS X Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. | 5.0 |