U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): lock screen
  • Search Type: Search All
  • CPE Vendor: cpe:/:apple
  • CPE Product: cpe:/:apple:iphone_os
There are 54 matching records.
Displaying matches 41 through 54.
Vuln ID Summary CVSS Severity
CVE-2015-1108

The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

Published: April 10, 2015; 10:59:23 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-1107

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

Published: April 10, 2015; 10:59:22 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-1106

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.

Published: April 10, 2015; 10:59:21 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-4368

The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.

Published: September 18, 2014; 6:55:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-4361

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.

Published: September 18, 2014; 6:55:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4356

Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Published: September 18, 2014; 6:55:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-1353

Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors.

Published: July 01, 2014; 6:17:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

Published: July 01, 2014; 6:17:26 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-1286

SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.

Published: March 14, 2014; 6:55:06 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1274

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.

Published: March 14, 2014; 6:55:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-3738

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.

Published: September 20, 2012; 5:55:04 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2012-3735

The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.

Published: September 20, 2012; 5:55:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4012

Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.

Published: December 08, 2010; 3:00:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2008-4230

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.

Published: November 25, 2008; 6:30:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 1.9 LOW