
CVSS: 6.4 | EPSS: 0% | CPEs: 40 | EXPL: 0

Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.

• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85625
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78719
• CWE-310: Cryptographic Issues

CVSS: 1.9 | EPSS: 0% | CPEs: 40 | EXPL: 0

The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.

• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85627
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78724
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 0% | CPEs: 40 | EXPL: 0

Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.

• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85622
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78687

CVSS: 3.6 | EPSS: 0% | CPEs: 40 | EXPL: 0

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.

• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85620
• http://support.apple.com/kb/HT5503
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 2.1 | EPSS: 0% | CPEs: 40 | EXPL: 0

The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.

• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85640
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78683
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor