U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): apple ios passcode
  • Search Type: Search All
There are 30 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2017-2399

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).

Published: April 01, 2017; 9:59:00 PM -0400
V3.0: 4.6 MEDIUM
V2.0: 2.1 LOW
CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 6.8 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2015-5850

AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.

Published: September 18, 2015; 7:00:03 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-1108

The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

Published: April 10, 2015; 10:59:23 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-1107

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

Published: April 10, 2015; 10:59:22 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-1106

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.

Published: April 10, 2015; 10:59:21 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-1085

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

Published: April 10, 2015; 10:59:01 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

Published: July 01, 2014; 6:17:26 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-1351

Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.

Published: July 01, 2014; 6:17:26 AM -0400
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2013-5162

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-5144

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.

Published: October 23, 2013; 11:48:48 PM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2013-5161

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.

Published: September 27, 2013; 11:40:55 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-5160

Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.

Published: September 27, 2013; 11:40:55 PM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2013-5147

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.

Published: September 19, 2013; 6:28:00 AM -0400
V3.x:(not available)
V2.0: 3.7 LOW
CVE-2013-0957

Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.

Published: September 19, 2013; 6:27:55 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-0980

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

Published: March 20, 2013; 10:55:04 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-3750

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

Published: November 03, 2012; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2012-3740

The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

Published: September 20, 2012; 5:55:04 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-3739

The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.

Published: September 20, 2012; 5:55:04 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-3738

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions.

Published: September 20, 2012; 5:55:04 PM -0400
V3.x:(not available)
V2.0: 3.6 LOW