CVE-2014-4455Apple Iphone OS vulnerability

CWE-2645 documents4 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 80.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple TvosApple TV+1 more
Timeline
PublishedNov 18
Latest updateMay 14

Description

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

NVDapple/tvos7.0.1+10
NVDapple/iphone_os8.1.2
Appleapple/ios8.1.3
Appleapple/apple_tv7.0.3

🔴Vulnerability Details

1
GHSA
GHSA-h6rh-gf53-574g: dyld in Apple iOS before 82022-05-14

📋Vendor Advisories

2
Apple
CVE-2014-4455: Apple TV 7.0.3
Apple
CVE-2014-4455: iOS 8.1.3

💬Community

1
Bugzilla
CVE-2014-5031 cups: world-readable permissions2014-08-11