CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7133
https://notcve.org/view.php?id=CVE-2017-7133
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11. • http://www.securityfocus.com/bid/100892 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7118
https://notcve.org/view.php?id=CVE-2017-7118
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (crash) via a crafted image. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11. • http://www.securityfocus.com/bid/100892 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7088
https://notcve.org/view.php?id=CVE-2017-7088
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11. • http://www.securityfocus.com/bid/100892 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 • CWE-275: Permission Issues •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7085
https://notcve.org/view.php?id=CVE-2017-7085
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar. Se ha descubierto un problema en ciertos productos Apple. • http://www.securityfocus.com/bid/100895 http://www.securitytracker.com/id/1039384 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 https://support.apple.com/HT208116 • CWE-20: Improper Input Validation •
CVSS: 7.9EPSS: 0%CPEs: 30EXPL: 0CVE-2017-14315
https://notcve.org/view.php?id=CVE-2017-14315
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings. En Apple iOS 7 hasta la versión 9, debido a un error "BlueBorne" en la implementación de LEAP (Low Energy Audio Protocol), se puede enviar un comando de audio largo a un dispositivo objetivo y desencadenar un desbordamiento de memoria dinámica (heap) con datos controlados por el atacante. Los comandos de audio enviados a través de LEAP no se validan correctamente, por lo que un atacante podría emplear este desbordamiento para obtener el control total del dispositivo mediante los privilegios relativamente elevados de la pila Bluetooth en iOS. • http://seclists.org/fulldisclosure/2019/May/24 http://www.securityfocus.com/bid/100816 https://seclists.org/bugtraq/2019/May/30 https://support.apple.com/kb/HT210121 https://www.armis.com/blueborne • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •