CVSS: 6.1 • EPSS: 0% • CPEs: 40 • EXPL: 0

20 Sep 2012 — The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-287: Improper Authentication

CVSS: 6.1 • EPSS: 0% • CPEs: 40 • EXPL: 0

20 Sep 2012 — The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.5 • EPSS: 0% • CPEs: 40 • EXPL: 0

20 Sep 2012 — The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.3 • EPSS: 0% • CPEs: 40 • EXPL: 0

20 Sep 2012 — CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 40 • EXPL: 0

20 Sep 2012 — Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.6 • EPSS: 0% • CPEs: 40 • EXPL: 0

20 Sep 2012 — The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 • EPSS: 0% • CPEs: 40 • EXPL: 0

20 Sep 2012 — The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 • EPSS: 0% • CPEs: 136 • EXPL: 0

13 Sep 2012 — WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 0% • CPEs: 136 • EXPL: 0

13 Sep 2012 — WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 1% • CPEs: 136 • EXPL: 0

13 Sep 2012 — WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer