Nessus | Tenable | 8639.PRM
Mar 04, 2015 - 12:00 a.m.

Apple iOS < 8.1.3 Multiple Vulnerabilities

2015-03-04 00:00:00
Tenable
www.tenable.com

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities:

  • Apple iOS is bundled with Apple WebKit. Apple WebKit is affected by several vulnerabilities which would allow a remote attacker to execute arbitrary code or crash the application. (CVE-2014-4476, CVE-2014-4477, CVE-2014-4479, CVE-2014-4459, CVE-2014-4467)
  • There is a directory-traversal flaw in the ‘afc’ component which can allow an attacker to access unintended files. (CVE-2014-4480)
  • There is a flaw in the ‘mach_port_kobject’ kernel interface which can allow an attacker to bypass the ASLR protection mechanism. (CVE-2014-4491, CVE-2014-4496)
  • The ‘iTunes Store’ component allows attackers to bypass Safari sandbox protection mechanisms. (CVE-2014-8840)
  • The app-installation functionality in ‘MobileInstallation’ contains a flaw which would allow attackers to gain control of the local app container. (CVE-2014-4493)
  • The ‘Springboard’ module is affected by a signature-bypass vulnerability. (CVE-2014-4494)
  • There is an integer overflow in CoreGraphics which allows remote code execution. (CVE-2014-4481)
  • There is a buffer overflow in FontParser which allows remote code execution. (CVE-2014-4483)
  • There is a flaw in the way that FontParser handles crafted .dfont files which leads to remote code execution. (CVE-2014-4484)
  • There is a buffer overflow in the XML parser in the Foundation component. (CVE-2014-4485)
  • The IOAcceleratorFamily does not properly handle certain data types which can lead to a NULL pointer dereference. (CVE-2014-4486)
  • There is a buffer overflow in the IOHIDFamily component. (CVE-2014-4487)
  • The IOHIDFamily component does not properly validate resource-queue metadata, allowing remote code execution. (CVE-2014-4488)
  • The IOHIDFamily component fails to properly sanitize event queues. This can lead to remote code execution. (CVE-2014-4489)
  • The kernel does not enforce read-only attributes which can allow attackers to bypass access restrictions. (CVE-2014-4495)
  • The libnetcore component fails to verify certain data types which can allow remote code execution in the _networkd context. (CVE-2014-4492)
Vendor  Product    Version  CPE
apple   iphone_os  -        cpe:/o:apple:iphone_os
