CVE-2014-4457Apple Iphone OS vulnerability

CWE-2642 documents2 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 21.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Iphone OS
Timeline
PublishedNov 18
Latest updateMay 17

Description

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapple/iphone_os8.1+3

🔴Vulnerability Details

1
GHSA
GHSA-vx6j-975v-q7xp: The Sandbox Profiles subsystem in Apple iOS before 82022-05-17
CVE-2014-4457 — Apple Iphone OS vulnerability | cvebase