CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 0CVE-2013-5228 – (Mobile Pwn2Own) Apple iOS Safari DocumentOrderedMap Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5228
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una página web manipulada, una vulnerabilidad distinta a otros CVEs de WebKit listados en APPLE-SA-2013-12-16-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebCore::DocumentOrderedMap objects. By manipulating a document's elements an attacker can free arbitrary memory and force a dangling pointer to be reused after it has been freed. • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html http://support.apple.com/kb/HT6162 http://support.apple.com/kb/HT6163 https://support.apple.com/kb/HT6537 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 101EXPL: 0CVE-2013-0981
https://notcve.org/view.php?id=CVE-2013-0981
The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. El controlador IOUSBDeviceFamily en la implementación USB del kernel en Apple iOS anterior a 6.1.3 y Apple TV anterior a la 5.2.1, accede a los punteros de los "pipe object" que se originan en el espacio de usuario, lo que permite a usuarios locales obtener privilegios a través de un código manipulado. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html http://support.apple.com/kb/HT5702 http://support.apple.com/kb/HT5704 •
CVSS: 4.6EPSS: 0%CPEs: 101EXPL: 0CVE-2013-0977
https://notcve.org/view.php?id=CVE-2013-0977
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. dyld en Apple iOS y Apple TV a v6.1.3 y Apple TV anterior a v5.2.1, ni gestiona adecuadamente el estado de carga de un archivo ejecutable para los del tipo "Mach-O", lo que permite a usuarios locales evitar los requerimientos de "Code-signing" a través de un archivo que contiene segmentos sobrepuestos. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html http://support.apple.com/kb/HT5702 http://support.apple.com/kb/HT5704 •
CVSS: 2.1EPSS: 0%CPEs: 101EXPL: 0CVE-2013-0978
https://notcve.org/view.php?id=CVE-2013-0978
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. El manejador "ARM prefetch" en el kernel en Apple iOS anterior a v6.1.3 y Apple TV anterior a v5.2.1, no verifica que este haya sido invocado en un contexto de cancelación, lo que facilita a usuarios locales evitar los mecanismo de protección ASLR mediante código especialmente manipulado. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html http://support.apple.com/kb/HT5702 http://support.apple.com/kb/HT5704 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.6EPSS: 0%CPEs: 31EXPL: 0CVE-2013-0964
https://notcve.org/view.php?id=CVE-2013-0964
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page. El kernel en Apple iOS anterior a v6.1 y Apple TV anterior a v5.2 no valida adecuadamente los argumentos de copia, lo que permite a usuarior locales evitar las restricciones de punteros y de acceso a memoria en la primera página del kernel-memory especificando que el tamaño sea menor al de una página. • http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html http://osvdb.org/89659 http://support.apple.com/kb/HT5642 http://support.apple.com/kb/HT5643 http://www.securityfocus.com/bid/57595 • CWE-20: Improper Input Validation •