CVSS: 3.6EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3738
https://notcve.org/view.php?id=CVE-2012-3738
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. La pantalla "Marcador de Emergencia" en la implementación del "Bloqueo con código" en Apple iOS antes de v6 no limita adecuadamente los métodos de marcación, lo que permite eludir las restricciones de acceso a atacantes físicamente próximos y realizar llamadas FaceTime a través de la marcación por voz, u obtener información sensible del contacto al intentar hacer una llamada FaceTime y leer las sugerencias del contacto. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85620 http://support.apple.com/kb/HT5503 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3735
https://notcve.org/view.php?id=CVE-2012-3735
The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. La implementación Passcode Lock en Apple iOS anterior a la v6 no interactua adecuadamente con la característica "Silide to power off", lo que permite a atacantes físicos visualizar las aplicaciones recientes a través de la visualizacion de la pantalla del dispositivo. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85640 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3733
https://notcve.org/view.php?id=CVE-2012-3733
Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. Messages en Apple iOS anterior a v6, cuando múltiples direcciones de iMessage están configuradas, no verifican que la dirección de envío en la respuesta coincida con la dirección original de recepción, lo que permite a atacantes remotos obtener información sensible de direcciones de e-mail alternativas en determinadas circunstancias mediante la lectura de la respuesta. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85624 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78686 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.9EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3741
https://notcve.org/view.php?id=CVE-2012-3741
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. La implementación de las Restricciones del Control parental en Apple iOS 6 no trata correctamente los intentos de compra, después de una acción "Deshabilitar restricciones", lo que permite a usuarios locales eludir la autenticación Apple ID en una aplicación que realiza transacciones de compra. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78721 • CWE-287: Improper Authentication •
CVSS: 2.1EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3739
https://notcve.org/view.php?id=CVE-2012-3739
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. La implementación Passcode Lock en Apple iOS anterior a la v6 permite a atacantes físicos evitar el código de acceso al terminal a través de vectores no especificados relativos al uso de la cámara. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5503 • CWE-264: Permissions, Privileges, and Access Controls •