CVE-2014-4459Apple Iphone OS vulnerability

46 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
3.8%
top 11.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple Iphone OSApple ItunesApple MAC OS X+4 more
Timeline
PublishedNov 18
Latest updateMay 14

Description

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

NVDapple/tvos< 7.0.3
NVDapple/itunes< 12.2
NVDapple/safari6.06.2.1+2
NVDapple/mac_os_x< 10.10.1
NVDapple/iphone_os< 8.1.3

🔴Vulnerability Details

2
GHSA
GHSA-h395-cmgw-5cf8: Use-after-free vulnerability in WebKit, as used in Apple OS X before 102022-05-14
OSV
CVE-2014-4459: Use-after-free vulnerability in WebKit, as used in Apple OS X before 102014-11-18

📋Vendor Advisories

43
Apple
CVE-2014-4472: Apple TV 7.0.3
Apple
CVE-2014-4469: iTunes 12.2
Apple
CVE-2014-4470: iOS 8.1.3
Apple
CVE-2015-1069: iTunes 12.2
Apple
CVE-2014-4475: iOS 8.1.3
CVE-2014-4459 — Apple Iphone OS vulnerability | cvebase