CVE-2014-4465Improper Input Validation in Apple Iphone OS

CWE-20Improper Input ValidationCWE-416Use After Free7 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.0%
top 23.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelApple Iphone OSApple Safari+3 more
Timeline
PublishedDec 10
Latest updateOct 15

Description

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

NVDapple/safari6.2.0+2
NVDapple/tvos7.0.1
NVDapple/iphone_os8.1.2
Appleapple/ios8.1.3
Appleapple/apple_tv7.0.3

🔴Vulnerability Details

3
OSV
media: rc: fix races with imon_disconnect()2025-10-15
GHSA
GHSA-j74r-g3fg-pr4g: WebKit in Apple Safari before 62022-05-14
OSV
CVE-2014-4465: WebKit in Apple Safari before 62014-12-10

📋Vendor Advisories

2
Apple
CVE-2014-4465: Apple TV 7.0.3
Apple
CVE-2014-4465: iOS 8.1.3
CVE-2014-4465 — Improper Input Validation in Apple | cvebase