CVE-2014-4489 — Apple Iphone OS vulnerability

5 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.0%

top 22.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +3 more

Timeline

PublishedJan 30

Latest updateMay 14

Description

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶NVDapple/tvos7.0.1

▶NVDapple/mac_os_x10.10.1

▶NVDapple/iphone_os8.1.2

▶Appleapple/ios8.1.3

▶Appleapple/apple_tv7.0.3

🔴Vulnerability Details

GHSA

GHSA-5mv6-w29g-vx5q: IOHIDFamily in Apple iOS before 8↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2014-4489: OS X Yosemite v10.10.2 and Security Update 2015-001↗

▶

Apple

CVE-2014-4489: iOS 8.1.3↗

▶

Apple

CVE-2014-4489: Apple TV 7.0.3↗

▶