The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.