Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html | Broken Link |
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html | Broken Link |
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html | Broken Link |
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html | Mailing List Vendor Advisory |
http://support.apple.com/kb/HT6441 | Vendor Advisory |
http://support.apple.com/kb/HT6442 | Vendor Advisory |
http://www.securityfocus.com/bid/69882 | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/69947 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1030866 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/96111 | Third Party Advisory VDB Entry |
https://support.apple.com/HT204659 | Vendor Advisory |
https://support.apple.com/kb/HT6535 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jul 2024, 16:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 7.8 |
CWE | CWE-787 | |
References | () http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html - Broken Link | |
References | () http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html - Broken Link | |
References | () http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html - Broken Link | |
References | () http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html - Mailing List, Vendor Advisory | |
References | () http://support.apple.com/kb/HT6441 - Vendor Advisory | |
References | () http://support.apple.com/kb/HT6442 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/69882 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/69947 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1030866 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/96111 - Third Party Advisory, VDB Entry | |
References | () https://support.apple.com/kb/HT6535 - Vendor Advisory |
Information
Published : 2014-09-18 10:55
Updated : 2024-07-24 16:04
NVD link : CVE-2014-4404
Mitre link : CVE-2014-4404
CVE.ORG link : CVE-2014-4404
JSON object : View
Products Affected
apple
- iphone_os
- mac_os_x
- tvos
CWE
CWE-787
Out-of-bounds Write