Lucene search
AppleCVE-2014-4450HistoryOct 22, 2014 - 10:55 a.m.
CVE-2014-4450
2014-10-2210:55:02
CWE-255
apple
web.nvd.nist.gov
27
cve-2014-4450
apple ios
keyboards subsystem
typing-prediction
credentials
security vulnerability
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.7
Confidence
Low
EPSS
0.001
Percentile
50.5%
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
Affected configurations
Node
appleiphone_osRange≤8.0.2
Related
prion
prion
Design/Logic Flaw
2014-10-22 10:55:00
nvd
nvd
CVE-2014-4450
2014-10-22 10:55:02
cvelist
cvelist
CVE-2014-4450
2014-10-22 10:00:00
securityvulns
securityvulns
Apple iOS multiple security vulnerabilities
2014-11-03 00:00:00
APPLE-SA-2014-10-20-1 iOS 8.1
2014-10-27 00:00:00
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.7
Confidence
Low
EPSS
0.001
Percentile
50.5%
Related for CVE-2014-4450