Iphone Os

iphone_os

Vendor: Apple • 4,014 CVEs

CVEs (4,014)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-1360 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vector...Show more Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.Show less
CVE-2014-1359 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
CVE-2014-1358 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
CVE-2014-1357 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
CVE-2014-1356 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
CVE-2014-1355 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and re...Show more The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments.Show less
CVE-2014-1354 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application...Show more CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data.Show less
CVE-2014-1353 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground ap...Show more Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors.Show less
CVE-2014-1352 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspeci...Show more Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.Show less
CVE-2014-1351 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
CVE-2014-1350 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.
CVE-2014-1349 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.
CVE-2014-1348 1Apple 1Iphone Os May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtai...Show more Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition.Show less
CVE-2014-1345 1Apple 2Iphone Os Safari May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.
CVE-2014-1325 1Apple 3Iphone Os SafariTvos May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and...Show more WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.Show less
CVE-2014-1320 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by...Show more IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.Show less
CVE-2014-1296 1Apple 4Iphone Os Mac Os XMac Os X Server+1 more May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to...Show more CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.Show less
CVE-2014-1295 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before reneg...Show more Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."Show less
CVE-2014-1294 1Apple 2Iphone Os Tvos May 6, 2026 Mar 14, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1293.Show less
CVE-2014-1293 1Apple 2Iphone Os Tvos May 6, 2026 Mar 14, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1294.Show less

Previous 1...177178179...201 Next