syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and. Rated low severity (CVSS 1.9). No vendor patch available.
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. Rated low severity (CVSS 1.9). No vendor patch available.
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. Rated low severity (CVSS 1.9). No vendor patch available.