Lucene search

[email protected]CVE-2014-4380

HistorySep 18, 2014 - 10:55 a.m.

CVE-2014-4380

2014-09-1810:55:09

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-4380

iohidfamily

apple

ios

apple tv

bounds checking

arbitrary code execution

kernel extension

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel’s context via a crafted application.

Affected configurations

NVD

Node

appletvosRange≤6.2

appletvosMatch6.0

appletvosMatch6.0.1

appletvosMatch6.0.2

appletvosMatch6.1

appletvosMatch6.1.1

appletvosMatch6.1.2

Node

appleiphone_osRange≤7.1.2

appleiphone_osMatch7.0

appleiphone_osMatch7.0.1

appleiphone_osMatch7.0.2

appleiphone_osMatch7.0.3

appleiphone_osMatch7.0.4

appleiphone_osMatch7.0.5

appleiphone_osMatch7.0.6

appleiphone_osMatch7.1

appleiphone_osMatch7.1.1

Node

applemac_os_xRange≤10.0.2

CPENameOperatorVersion
apple:tvosapple tvosle6.2
apple:tvosapple tvoseq6.0
apple:tvosapple tvoseq6.0.1
apple:tvosapple tvoseq6.0.2
apple:tvosapple tvoseq6.1
apple:tvosapple tvoseq6.1.1
apple:tvosapple tvoseq6.1.2

CPE	Name	Operator	Version
apple:tvos	apple tvos	le	6.2
apple:tvos	apple tvos	eq	6.0
apple:tvos	apple tvos	eq	6.0.1
apple:tvos	apple tvos	eq	6.0.2
apple:tvos	apple tvos	eq	6.1
apple:tvos	apple tvos	eq	6.1.1
apple:tvos	apple tvos	eq	6.1.2