Apple iOS vulnerabilities

CVE-2013-0959 [MEDIUM] CWE-119 CVE-2013-0959: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

CVE-2013-0955 [MEDIUM] CWE-119 CVE-2013-0955: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

CVE-2013-0948 [MEDIUM] CWE-119 CVE-2013-0948: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

CVE-2013-0963 [LOW] CWE-20 CVE-2013-0963: Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID ce Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.

CVE-2013-0962 [LOW] CWE-79 CVE-2013-0962: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remo Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.

CVE-2013-0964 [LOW] CWE-20 CVE-2013-0964: The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and cop The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

CVE-2012-0841 [MEDIUM] CWE-399 CVE-2012-0841: libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

CVE-2012-5134 [MEDIUM] CWE-119 CVE-2012-5134: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

CVE-2012-2619 [HIGH] CWE-20 CVE-2012-2619: The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyoce The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.

CVE-2012-3748 [MEDIUM] CWE-362 CVE-2012-3748: Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers t Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

CVE-2012-3749 [MEDIUM] CWE-200 CVE-2012-3749: The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses th The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

CVE-2012-3750 [LOW] CWE-264 CVE-2012-3750: The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

CVE-2012-5112 [CRITICAL] CWE-399 CVE-2012-5112: Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22 Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2012-2889 [MEDIUM] CWE-79 CVE-2012-2889: Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attacker Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."

CVE-2012-3736 [MEDIUM] CWE-264 CVE-2012-3736: The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypa The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call.

CVE-2012-3732 [MEDIUM] CWE-310 CVE-2012-3732: Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, wh Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.

CVE-2012-3727 [MEDIUM] CWE-119 CVE-2012-3727: Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbi Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

CVE-2012-3746 [MEDIUM] CWE-310 CVE-2012-3746: UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which al UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.

CVE-2012-3744 [MEDIUM] CVE-2012-3744: Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.

CVE-2012-3726 [MEDIUM] CWE-399 CVE-2012-3726: Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitr Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.