CVE-2014-4461Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
1.9%
top 16.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple MAC OS XApple Tvos+1 more
Timeline
PublishedNov 18
Latest updateMay 14

Description

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDapple/tvos7.0.1+9
NVDapple/mac_os_x10.10.1+3
NVDapple/iphone_os8.1+3

🔴Vulnerability Details

2
GHSA
GHSA-r7m3-66qf-cgxx: The kernel in Apple iOS before 82022-05-14
Project0
Deja-XNU - Project Zero2018-10-01

📋Vendor Advisories

1
Apple
CVE-2014-4461: OS X Yosemite v10.10.2 and Security Update 2015-001