Summary
Detail | |||
---|---|---|---|
Vendor | Apple | First view | 2011-07-19 |
Product | Iphone Os | Last view | 2020-02-12 |
Version | 4.3.2 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:apple:iphone_os |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2020-02-12 | CVE-2014-8128 | LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. |
9.8 | 2016-07-21 | CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. |
9.8 | 2016-07-21 | CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. |
5.4 | 2016-07-21 | CVE-2016-4604 | Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. |
6.5 | 2016-07-21 | CVE-2016-4592 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. |
7.5 | 2016-07-21 | CVE-2016-4591 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. |
5.4 | 2016-07-21 | CVE-2016-4590 | WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
8.8 | 2016-07-21 | CVE-2016-4589 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624. |
6.5 | 2016-07-21 | CVE-2016-4587 | WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. |
6.1 | 2016-07-21 | CVE-2016-4585 | Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. |
3.1 | 2016-07-21 | CVE-2016-4583 | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. |
10 | 2015-09-18 | CVE-2015-5895 | Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. |
4.3 | 2015-08-16 | CVE-2015-3729 | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. |
5 | 2014-03-14 | CVE-2013-6835 | TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. |
4.3 | 2012-05-08 | CVE-2012-0674 | Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. |
1.2 | 2011-11-11 | CVE-2011-3440 | The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
4.3 | 2011-10-14 | CVE-2011-3254 | Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. |
2.6 | 2011-10-14 | CVE-2011-3253 | CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. |
9.3 | 2011-07-19 | CVE-2011-0226 | Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
22% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
11% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
11% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
11% (2) | CWE-20 | Improper Input Validation |
5% (1) | CWE-787 | Out-of-bounds Write |
5% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
5% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
5% (1) | CWE-362 | Race Condition |
5% (1) | CWE-284 | Access Control (Authorization) Issues |
5% (1) | CWE-254 | Security Features |
5% (1) | CWE-200 | Information Exposure |
5% (1) | CWE-189 | Numeric Errors |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
77013 | Apple iOS for iPad 2 Smart Cover User Data Disclosure |
76320 | Apple iOS Calendar Invitation Note Parsing XSS |
76319 | Apple iOS CalDAV Calendar Server SSL Certificate Verification Weakness Remote... |
73661 | FreeType t1_decoder_parse_charstrings() Function PostScript Type1 Font Handli... |
OpenVAS Exploits
id | Description |
---|---|
2012-06-06 | Name : RedHat Update for freetype RHSA-2011:1085-01 File : nvt/gb_RHSA-2011_1085-01_freetype.nasl |
2012-04-26 | Name : Fedora Update for freetype FEDORA-2012-5422 File : nvt/gb_fedora_2012_5422_freetype_fc15.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-09 (FreeType) File : nvt/glsa_201201_09.nasl |
2011-12-05 | Name : Fedora Update for freetype FEDORA-2011-15964 File : nvt/gb_fedora_2011_15964_freetype_fc15.nasl |
2011-12-02 | Name : Fedora Update for freetype FEDORA-2011-15956 File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl |
2011-11-11 | Name : Fedora Update for freetype FEDORA-2011-14749 File : nvt/gb_fedora_2011_14749_freetype_fc15.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2294-1 (freetype) File : nvt/deb_2294_1.nasl |
2011-09-21 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype23.nasl |
2011-09-07 | Name : Fedora Update for freetype FEDORA-2011-9525 File : nvt/gb_fedora_2011_9525_freetype_fc14.nasl |
2011-08-02 | Name : Mandriva Update for freetype2 MDVSA-2011:120 (freetype2) File : nvt/gb_mandriva_MDVSA_2011_120.nasl |
2011-07-27 | Name : Ubuntu Update for freetype USN-1173-1 File : nvt/gb_ubuntu_USN_1173_1.nasl |
0000-00-00 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype24.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
2014-B-0024 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0046157 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-23 | FreeType PostScript Type1 font parsing memory corruption attempt RuleID : 43677 - Type : FILE-PDF - Revision : 2 |
2017-08-23 | FreeType PostScript Type1 font parsing memory corruption attempt RuleID : 43676 - Type : FILE-PDF - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-11-21 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-324-01.nasl - Type: ACT_GATHER_INFO |
2016-11-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-693.nasl - Type: ACT_GATHER_INFO |
2016-09-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3079-1.nasl - Type: ACT_GATHER_INFO |
2016-09-06 | Name: The remote Debian host is missing a security update. File: debian_DLA-610.nasl - Type: ACT_GATHER_INFO |
2016-09-02 | Name: The remote Fedora host is missing a security update. File: fedora_2016-d957ffbac1.nasl - Type: ACT_GATHER_INFO |
2016-08-29 | Name: The remote Fedora host is missing a security update. File: fedora_2016-4728dfe3ec.nasl - Type: ACT_GATHER_INFO |
2016-07-21 | Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File: macosx_SecUpd2016-004.nasl - Type: ACT_GATHER_INFO |
2016-07-21 | Name: The remote device is affected by multiple vulnerabilities. File: appletv_9_2_2.nasl - Type: ACT_GATHER_INFO |
2016-07-21 | Name: The remote host is missing a Mac OS X security update that fixes multiple vul... File: macosx_10_11_6.nasl - Type: ACT_GATHER_INFO |
2016-07-19 | Name: The remote host is running an application that is affected by multiple vulner... File: itunes_12_4_2_banner.nasl - Type: ACT_GATHER_INFO |
2016-07-19 | Name: The remote host contains an application that is affected by multiple vulnerab... File: itunes_12_4_2.nasl - Type: ACT_GATHER_INFO |
2016-07-19 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: macosx_Safari9_1_2.nasl - Type: ACT_GATHER_INFO |
2016-02-25 | Name: An application running on the remote host is affected by multiple remote code... File: nessus_sqlite_multiple.nasl - Type: ACT_GATHER_INFO |
2015-09-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1475-1.nasl - Type: ACT_GATHER_INFO |
2015-08-24 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1420-1.nasl - Type: ACT_GATHER_INFO |
2015-08-17 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_SecUpd2015-006.nasl - Type: ACT_GATHER_INFO |
2015-08-17 | Name: The web browser installed on the remote host is affected by multiple vulnerab... File: macosx_Safari8_0_8.nasl - Type: ACT_GATHER_INFO |
2015-08-17 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_10_10_5.nasl - Type: ACT_GATHER_INFO |
2015-07-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-476.nasl - Type: ACT_GATHER_INFO |
2015-05-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3273.nasl - Type: ACT_GATHER_INFO |
2015-05-18 | Name: The remote Debian host is missing a security update. File: debian_DLA-221.nasl - Type: ACT_GATHER_INFO |
2015-03-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-147.nasl - Type: ACT_GATHER_INFO |
2015-03-10 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-207.nasl - Type: ACT_GATHER_INFO |
2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_libfxt_20141107.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_freetype2-110722.nasl - Type: ACT_GATHER_INFO |