Lucene search

[email protected]CVE-2014-4486

HistoryJan 30, 2015 - 11:59 a.m.

CVE-2014-4486

2015-01-3011:59:17

[email protected]

web.nvd.nist.gov

cve-2014-4486

apple

ios

os x

apple tv

arbitrary code execution

denial of service

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

4.7 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

Affected configurations

NVD

Node

appleiphone_osRange≤8.1.2

applemac_os_xRange≤10.10.1

appletvosRange≤7.0.1

CPENameOperatorVersion
apple:iphone_osapple iphone osle8.1.2
apple:mac_os_xapple mac os xle10.10.1
apple:tvosapple tvosle7.0.1

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	8.1.2
apple:mac_os_x	apple mac os x	le	10.10.1
apple:tvos	apple tvos	le	7.0.1

References

lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

support.apple.com/HT204244

support.apple.com/HT204245

support.apple.com/HT204246

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

4.7 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2014-4486

nvd1 cvelist1 prion1 nessus6 securityvulns6