CVE-2014-4491

🗓️ 30 Jan 2015 11:00:00Reported by appleType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 51 Views

The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app

Reporter	Title	Published	Views	Family All 18
Tenable Nessus	Apple iOS < 8.1.3 Multiple Vulnerabilities	4 Mar 201500:00	–	nessus
Tenable Nessus	Apple TV < 7.0.3 Multiple Vulnerabilities	4 Mar 201500:00	–	nessus
Tenable Nessus	Mac OS X < 10.10.2 Multiple Vulnerabilities	4 Mar 201500:00	–	nessus
Tenable Nessus	Apple TV < 7.0.3 Multiple Vulnerabilities	3 Feb 201500:00	–	nessus
Tenable Nessus	Apple iOS < 8.1.3 Multiple Vulnerabilities	28 Jan 201500:00	–	nessus
Tenable Nessus	Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)	29 Jan 201500:00	–	nessus
Tenable Nessus	Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)	29 Jan 201500:00	–	nessus
CNVD	Apple TV and iOS API-related kernel extension information disclosure vulnerability	30 Jan 201500:00	–	cnvd
Cvelist	CVE-2014-4491	30 Jan 201511:00	–	cvelist
EUVD	EUVD-2014-4418	7 Oct 202500:30	–	euvd

NVD

Node

apple iphone_osRange≤8.1.2

apple mac_os_xRange≤10.10.1

apple tvosRange≤7.0.1

Source	Link
securitytracker	www.securitytracker.com/id/1031650
lists	www.lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
support	www.support.apple.com/HT204244
support	www.support.apple.com/HT204246
lists	www.lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
support	www.support.apple.com/HT204245
lists	www.lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

06 May 2026 22:30Current

2.9Low risk

Vulners AI Score2.9

CVSS 25

EPSS0.00524

CWE-200