Lucene search

AppleCVELIST:CVE-2014-4455

HistoryNov 18, 2014 - 11:00 a.m.

CVE-2014-4455

2014-11-1811:00:00

apple

www.cve.org

AI Score

5.2

Confidence

Low

EPSS

Percentile

10.1%

JSON

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

References

lists.apple.com/archives/security-announce/2014/Nov/msg00000.html

lists.apple.com/archives/security-announce/2014/Nov/msg00002.html

lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

support.apple.com/HT204245

support.apple.com/HT204246

www.securityfocus.com/bid/71140

www.securitytracker.com/id/1031231

exchange.xforce.ibmcloud.com/vulnerabilities/98773

support.apple.com/en-us/HT204418

support.apple.com/en-us/HT204420

support.apple.com/en-us/HT6590

support.apple.com/en-us/HT6592