CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1061 – Apple Security Advisory 2015-03-09-2
https://notcve.org/view.php?id=CVE-2015-1061
10 Mar 2015 — IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. IOSurface en Apple iOS anterior a 8.2, Apple OS X hasta 10.10.2, y Apple TV anterior a 7.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada que aprovecha la 'confusión de tipos' durante el manejo de objetos se... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 34%CPEs: 3EXPL: 1CVE-2015-1067 – Apple Security Advisory 2015-03-09-2
https://notcve.org/view.php?id=CVE-2015-1067
10 Mar 2015 — Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. Secure Transport en Apple iOS anterior a 8.2, Apple OS X hasta 10.10.2, y Apple TV anterior a 7.1 no restringe correctamente las transiciones de est... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1062 – Apple Security Advisory 2015-03-09-2
https://notcve.org/view.php?id=CVE-2015-1062
10 Mar 2015 — MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. MobileStorageMounter en Apple iOS anterior a 8.2 y Apple TV anterior a 7.1 no elimina las carpetas de imágenes de discos inválidas, lo que permite a atacantes remotos crear carpetas en localizaciones del sistema de ficheros arbitrarias a través de una aplicación manipulada. iOS 8.2 is now available and a... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1063 – Apple Security Advisory 2015-03-09-1
https://notcve.org/view.php?id=CVE-2015-1063
10 Mar 2015 — CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. CoreTelephony en Apple iOS anterior a 8.2 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y reinicio de dispositivo) a través de un mensaje de SMS Class 0. iOS 8.2 is now available and addresses null pointer dereference, code execution, buffer overflows, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1064 – Apple Security Advisory 2015-03-09-1
https://notcve.org/view.php?id=CVE-2015-1064
10 Mar 2015 — Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. Springboard en Apple iOS anterior a 8.2 permite a atacantes físicamente próximos evadir el requisito de activación y leer la pantalla inicial mediante el aprovechamiento de una caída de aplicación durante el proceso de activación. iOS 8.2 is now available and addresses null pointer dereference, code e... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1065 – Apple Security Advisory 2015-03-09-1
https://notcve.org/view.php?id=CVE-2015-1065
10 Mar 2015 — Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. Múltiples desbordamientos de buffer en iCloud Keychain en Apple iOS anterior a 8.2 y Apple OS X hasta 10.10.2 permiten a atacantes man-in-the-middle ejecutar código arbitrario mediante la modificación del flujo de datos del servidor cliente durante una recuperación de la cadena de c... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-4488 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4488
28 Jan 2015 — IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no valida correctamente los metadatos de la cola de recursos, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación man... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4476 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4476
28 Jan 2015 — WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479. WebKit, utilizado en Apple iOS anterior a 8.1.3; Apple Safari anterior a 6.2.3, 7.x anterior a 7.1.3, y 8.x anterior a 8.0.3; y Apple TV anterior a 7.0.3, permite a a... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4491 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4491
28 Jan 2015 — The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Las APIs de extensiónTen el kernel en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no previene la presencia de direcciones dentro de una clave OSBundleMachOHeaders en una ... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2014-4487 – Apple Security Advisory 2015-01-27-2
https://notcve.org/view.php?id=CVE-2014-4487
28 Jan 2015 — Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. Desbordamiento de buffer en IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X 10.10.2 and Security Update 2015-001 are now available and address... • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •