Vulnerabilities > Apple > Tvos > 2.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-18 | CVE-2015-1068 | Resource Management Errors vulnerability in Apple products WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 6.8 |
| 2015-03-12 | CVE-2015-1062 | Data Processing Errors vulnerability in Apple Iphone OS and Tvos MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. | 5.0 |
| 2015-03-12 | CVE-2015-1061 | Code Injection vulnerability in Apple Iphone OS, mac OS X and Tvos IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. | 9.3 |
| 2015-03-11 | CVE-2015-1067 | Cryptographic Issues vulnerability in Apple Iphone OS, mac OS X and Tvos Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. | 4.3 |
| 2015-01-30 | CVE-2014-4496 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | 5.0 |
| 2015-01-30 | CVE-2014-4495 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Tvos The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-4492 | Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. | 7.5 |
| 2015-01-30 | CVE-2014-4491 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. | 5.0 |
| 2015-01-30 | CVE-2014-4489 | Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | 10.0 |
| 2015-01-30 | CVE-2014-4488 | Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 10.0 |