CVE-2014-4496 — Apple Iphone OS vulnerability

CWE-2645 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos Apple About Security Update 2015-002 +2 more

Timeline

PublishedJan 30

Latest updateMay 14

Description

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDapple/tvos7.0.1

▶NVDapple/iphone_os8.1.2

▶Appleapple/ios8.1.3

▶Appleapple/apple_tv7.0.3

▶Appleapple/about_security_update_2015-002

🔴Vulnerability Details

GHSA

GHSA-57q7-rq38-5jvv: The mach_port_kobject interface in the kernel in Apple iOS before 8↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2014-4496: iOS 8.1.3↗

▶

Apple

CVE-2014-4496: About Security Update 2015-002↗

▶

Apple

CVE-2014-4496: Apple TV 7.0.3↗

▶