CVE-2014-4449Apple Iphone OS vulnerability

CWE-3102 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
0.4%
top 41.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Iphone OS
Timeline
PublishedOct 22
Latest updateMay 17

Description

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapple/iphone_os8.0.2

🔴Vulnerability Details

1
GHSA
GHSA-xgg4-4xqq-22x3: iCloud Data Access in Apple iOS before 82022-05-17
CVE-2014-4449 — Apple Iphone OS vulnerability | cvebase