
CVSS: 5.0 | EPSS: 0% | CPEs: 40 | EXPL: 0

Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78722
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 1.9 | EPSS: 0% | CPEs: 40 | EXPL: 0

The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions.
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78721
• CWE-287: Improper Authentication

CVSS: 4.3 | EPSS: 0% | CPEs: 40 | EXPL: 0

UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85633
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78706
• CWE-310: Cryptographic Issues

CVSS: 1.9 | EPSS: 0% | CPEs: 40 | EXPL: 0

The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85627
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78724
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 2.1 | EPSS: 0% | CPEs: 40 | EXPL: 0

The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.
• http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
• http://osvdb.org/85640
• http://support.apple.com/kb/HT5503
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78683
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor