Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.