CVE-2014-4492

2015-01-30T11:59:00
ID CVE-2014-4492
Type cve
Reporter cve@mitre.org
Modified 2019-03-08T16:06:00

Description

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.