CVE-2014-4486 — Apple Iphone OS vulnerability

5 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.0%

top 22.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +3 more

Timeline

PublishedJan 30

Latest updateMay 14

Description

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶NVDapple/tvos7.0.1

▶NVDapple/mac_os_x10.10.1

▶NVDapple/iphone_os8.1.2

▶Appleapple/ios8.1.3

▶Appleapple/apple_tv7.0.3

🔴Vulnerability Details

GHSA

GHSA-529p-f8cv-j372: IOAcceleratorFamily in Apple iOS before 8↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2014-4486: Apple TV 7.0.3↗

▶

Apple

CVE-2014-4486: iOS 8.1.3↗

▶

Apple

CVE-2014-4486: OS X Yosemite v10.10.2 and Security Update 2015-001↗

▶