CVE-2014-4422 — Apple Iphone OS vulnerability

CWE-3102 documents2 sources

Severity

8.1HIGHNVD

EPSS

1.7%

top 17.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos

Timeline

PublishedSep 18

Latest updateMay 14

Description

The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDapple/tvos6.2+6

▶NVDapple/iphone_os7.1.2+9

🔴Vulnerability Details

GHSA

GHSA-m423-xcxx-rppr: The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which↗2022-05-14

▶