Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs: 2,227
CISA KEV: 41 (actively exploited)
Public exploits: 199
Exploited in wild: 31
Severity breakdown: CRITICAL 148, HIGH 1222, MEDIUM 795, LOW 59, UNKNOWN 3
Vulnerabilities
Page 108 of 112
CVE-2014-4380 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
nvd
CVE-2014-4381 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
nvd
CVE-2014-4405 | CRITICAL | CVSS 9.3 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
nvd
CVE-2014-4389 | CRITICAL | CVSS 9.3 | CWE-189 | PoC | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
nvd
CVE-2014-4418 | HIGH | CVSS 7.8 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
nvd
CVE-2014-4422 | HIGH | CVSS 8.1 | CWE-310 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
nvd
CVE-2014-4375 | HIGH | CVSS 7.8 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
nvd
CVE-2014-4404 | HIGH | CVSS 7.8 | CWE-787 | KEV | PoC | fixed in 7.0 | 2014-09-18
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
nvd
CVE-2014-4388 | HIGH | CVSS 7.8 | CWE-20 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
nvd
CVE-2014-4379 | HIGH | CVSS 7.1 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.
nvd
CVE-2014-4369 | HIGH | CVSS 7.8 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
nvd
CVE-2014-4414 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4412 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4413 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4364 | MEDIUM | CVSS 5.6 | CWE-310 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
nvd
CVE-2014-4373 | MEDIUM | CVSS 5.5 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
nvd
CVE-2014-4378 | MEDIUM | CVSS 5.8 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
nvd
CVE-2014-4415 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4411 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4377 | MEDIUM | CVSS 6.8 | CWE-189 | ≤ 6.2 | v6.0 | +5 more | 2014-09-18
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
nvd