Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-4389 — Apple Iphone OS vulnerability

CWE-1896 documents5 sources

Severity

9.3CRITICALNVD

EPSS

1.7%

top 17.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +1 more

Timeline

PublishedSep 18

Latest updateMay 14

Description

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDapple/tvos6.2+6

▶NVDapple/mac_os_x10.9.4

▶NVDapple/iphone_os7.1.2+9

▶Appleapple/os_x_yosemite_v10.10.2_and_security_update_2015-001

🔴Vulnerability Details

GHSA

GHSA-jf46-wfc8-gxjc: Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an applic↗2022-05-14

▶

Project0

Deja-XNU - Project Zero↗2018-10-01

▶

Project0

More Mac OS X and iPhone sandbox escapes and kernel bugs - Project Zero↗2014-10-01

▶

💥Exploits & PoCs

Exploit-DB

Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport↗2018-10-22

▶

📋Vendor Advisories

Apple

CVE-2014-4389: OS X Yosemite v10.10.2 and Security Update 2015-001↗

▶