CVE-2014-4471Out-of-bounds Write in Apple Iphone OS

CWE-3996 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.8%
top 25.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple ItunesApple Safari+3 more
Timeline
PublishedDec 10
Latest updateMay 14

Description

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages7 packages

NVDapple/safari6.2.0+9
NVDapple/tvos7.0.1
NVDapple/itunes12.1
NVDapple/iphone_os8.1.2
Appleapple/ios8.1.3

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-6qjx-53c3-79qw: WebKit, as used in Apple Safari before 62022-05-14
OSV
CVE-2014-4471: WebKit, as used in Apple Safari before 62014-12-10

📋Vendor Advisories

3
Apple
CVE-2014-4471: iTunes 12.2
Apple
CVE-2014-4471: iOS 8.1.3
Apple
CVE-2014-4471: Apple TV 7.0.3
CVE-2014-4471 — Out-of-bounds Write in Apple Iphone OS | cvebase