Apple

iPhone OS

3848 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-5154

  • EPSS 0.29%
  • Veröffentlicht 19.09.2013 10:28:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted applicati...

7.1

CVE-2013-5155

  • EPSS 0.46%
  • Veröffentlicht 19.09.2013 10:28:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.

4.3

CVE-2013-5156

  • EPSS 0.3%
  • Veröffentlicht 19.09.2013 10:28:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.

5

CVE-2013-5157

  • EPSS 0.29%
  • Veröffentlicht 19.09.2013 10:28:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.

2.1

CVE-2013-5158

  • EPSS 0.07%
  • Veröffentlicht 19.09.2013 10:28:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.

4.3

CVE-2013-5159

  • EPSS 0.29%
  • Veröffentlicht 19.09.2013 10:28:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.

2.6

CVE-2013-5137

  • EPSS 0.37%
  • Veröffentlicht 19.09.2013 10:28:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.

4.7

CVE-2013-5138

  • EPSS 0.05%
  • Veröffentlicht 19.09.2013 10:28:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.

9.3

CVE-2013-5139

  • EPSS 1.17%
  • Veröffentlicht 19.09.2013 10:28:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.

7.8

CVE-2013-5140

  • EPSS 0.66%
  • Veröffentlicht 19.09.2013 10:28:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.