CVE-2014-4487 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents3 sources

Severity

10.0CRITICALNVD

EPSS

2.4%

top 14.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +3 more

Timeline

PublishedJan 30

Latest updateMay 14

Description

Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶NVDapple/tvos7.0.1

▶NVDapple/mac_os_x10.10.1

▶NVDapple/iphone_os8.1.2

▶Appleapple/ios8.1.3

▶Appleapple/apple_tv7.0.3

🔴Vulnerability Details

GHSA

GHSA-rmvj-rx6q-26wc: Buffer overflow in IOHIDFamily in Apple iOS before 8↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2014-4487: OS X Yosemite v10.10.2 and Security Update 2015-001↗

▶

Apple

CVE-2014-4487: Apple TV 7.0.3↗

▶

Apple

CVE-2014-4487: iOS 8.1.3↗

▶