CVE-2014-4389
published 2014-09-18
CVE-2014-4389: Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application…
Priority: P3 · 54 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 3.42% (87.4th percentile)
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | <= 7.1.2 | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | mac_os_x | <= 10.9.4 | — |
| apple | os_x_yosemite_v10.10.2_and_security_update_2015-001 | — | — |
| apple | tvos | <= 6.2 | — |
| apple | tvos | — | — |
| apple | tvos | — | — |
| apple | tvos | — | — |
| apple | tvos | — | — |
| apple | tvos | — | — |
| apple | tvos | — | — |
GHSA
ghsa_unreviewed·2022-05-14
CVE-2014-4389 [HIGH] GHSA-jf46-wfc8-gxjc: Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an applic
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
Project0
Deja-XNU - Project Zero
project_zero·2018-10-01·CVSS 7.8
CVE-2014-4388 [HIGH] Deja-XNU - Project Zero
Posted by Ian Beer, Google Project Zero
This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar issue I recently found to try to build a "perfect" exploit for iOS 7.1.2.
State of the art
An idea I've wanted to play with for a while is to revisit old bugs and try to exploit them again, but using what I've learnt in the meantime about iOS. My hope is that it would give an insight into what the state-of-the-art of iOS exploitation could have looked like a few years ago, and might prove helpful if extrapolated forwards to think about what state-of-the-art exploitation might look like now.
So let's turn back the clock to 2014...
Pangu 7
On June 23 2014 @PanguTeam released the Pangu 7 jailbreak for iOS 7.1-7.1.x. They exploited a lot of bu
Project0
More Mac OS X and iPhone sandbox escapes and kernel bugs - Project Zero
project_zero·2014-10-01·CVSS 6.9
CVE-2014-4376 [MEDIUM] More Mac OS X and iPhone sandbox escapes and kernel bugs - Project Zero
Posted by Ian Beer
A couple of weeks ago Apple released OS X 10.9.5 and iOS 8 which fixed a number of sandbox escapes and privilege escalation bugs found by Project Zero. All-bar-one of these bugs were found via manual source code auditing where there was source and binary analysis where there wasn’t. As always, click through the bugs for proof-of-concept code and further details:
CVE-2014-4403* [ https://code.google.com/p/google-security-research/issues/detail?id=23 ] was an issue allowing a kernel ASLR bypass on OS X due to insufficient randomization of very early kernel heap allocations, the addresses of which could be leaked using the unprivileged SGDT instruction. This bug could be exploited from within any sandbox on OS X and allowed an attacker to determine the load address of t
Apple
CVE-2014-4389: OS X Yosemite v10.10.2 and Security Update 2015-001
vendor_apple·CVSS 9.3
CVE-2014-4389 [CRITICAL] CVE-2014-4389: OS X Yosemite v10.10.2 and Security Update 2015-001
Apple Security Update: About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001
Product: OS X Yosemite v10.10.2 and Security Update 2015-001
CVE: CVE-2014-4389
Component: CVE-ID
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://support.apple.com/HT204244
http://support.apple.com/kb/HT6441
http://support.apple.com/kb/HT6442
http://support.apple.com/kb/HT6443
http://www.securityfocus.com/bid/69882
http://www.securityfocus.com/bid/69950
http://www.securitytracker.com/id/1030866
https://exchange.xforce.ibmcloud.com/vulnerabilities/96112
Published: 2014-09-18