CVE-2014-4448
- EPSS 0.19%
- Veröffentlicht 22.10.2014 10:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
CVE-2014-4449
- EPSS 0.7%
- Veröffentlicht 22.10.2014 10:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-4450
- EPSS 0.31%
- Veröffentlicht 22.10.2014 10:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within u...
CVE-2014-3192
- EPSS 1.67%
- Veröffentlicht 08.10.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of...
CVE-2014-3187
- EPSS 0.81%
- Veröffentlicht 08.10.2014 10:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted we...
CVE-2014-4409
- EPSS 1.75%
- Veröffentlicht 18.09.2014 10:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing.
CVE-2014-4410
- EPSS 2.76%
- Veröffentlicht 18.09.2014 10:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit ...
CVE-2014-4411
- EPSS 2.78%
- Veröffentlicht 18.09.2014 10:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit ...
CVE-2014-4412
- EPSS 2.87%
- Veröffentlicht 18.09.2014 10:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit ...
CVE-2014-4413
- EPSS 2.76%
- Veröffentlicht 18.09.2014 10:55:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit ...