CVE-2014-4480Link Following in Apple Iphone OS

CWE-59Link Following4 documents3 sources
Severity
10.0CRITICALNVD
EPSS
1.9%
top 16.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple TvosApple TV+1 more
Timeline
PublishedJan 30
Latest updateMay 14

Description

Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDapple/tvos7.0.1
NVDapple/iphone_os8.1.2
Appleapple/ios8.1.3
Appleapple/apple_tv7.0.3

🔴Vulnerability Details

1
GHSA
GHSA-9r34-x38v-77c4: Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 82022-05-14

📋Vendor Advisories

2
Apple
CVE-2014-4480: Apple TV 7.0.3
Apple
CVE-2014-4480: iOS 8.1.3