ID CVE-2014-4405
Summary IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
References
Vulnerable Configurations
  • Apple iPhone OS 7.0
    cpe:2.3:o:apple:iphone_os:7.0
  • Apple iPhone OS 7.0.1
    cpe:2.3:o:apple:iphone_os:7.0.1
  • Apple iPhone OS 7.0.2
    cpe:2.3:o:apple:iphone_os:7.0.2
  • Apple iPhone OS 7.0.3
    cpe:2.3:o:apple:iphone_os:7.0.3
  • Apple iPhone OS 7.0.4
    cpe:2.3:o:apple:iphone_os:7.0.4
  • Apple iPhone OS 7.0.5
    cpe:2.3:o:apple:iphone_os:7.0.5
  • Apple iPhone OS 7.0.6
    cpe:2.3:o:apple:iphone_os:7.0.6
  • Apple iPhone OS 7.1
    cpe:2.3:o:apple:iphone_os:7.1
  • Apple iPhone OS 7.1.1
    cpe:2.3:o:apple:iphone_os:7.1.1
  • Apple iPhone OS 7.1.2
    cpe:2.3:o:apple:iphone_os:7.1.2
  • Apple tvOS 6.0
    cpe:2.3:o:apple:tvos:6.0
  • Apple tvOS 6.0.1
    cpe:2.3:o:apple:tvos:6.0.1
  • Apple tvOS 6.0.2
    cpe:2.3:o:apple:tvos:6.0.2
  • Apple tvOS 6.1
    cpe:2.3:o:apple:tvos:6.1
  • Apple tvOS 6.1.1
    cpe:2.3:o:apple:tvos:6.1.1
  • Apple tvOS 6.1.2
    cpe:2.3:o:apple:tvos:6.1.2
  • Apple tvOS 6.2
    cpe:2.3:o:apple:tvos:6.2
  • Apple Mac OS X Yosemite 10.10.2
    cpe:2.3:o:apple:mac_os_x:10.10.2
CVSS
Base: 9.3 (as of 30-09-2015 - 07:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10.NASL
    description The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Dock - fdesetup - iCloud Find My Mac - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - LaunchServices - LoginWindow - Mail - MCX Desktop Config Profiles - NetFS Client Framework - QuickTime - Safari - Secure Transport - Security - Security - Code Signing Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 78550
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78550
    title Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)
  • NASL family Misc.
    NASL id APPLETV_7_0.NASL
    description According to its banner, the remote Apple TV device is a version prior to 7. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 77822
    published 2014-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77822
    title Apple TV < 7 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-004.NASL
    description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 82700
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82700
    title Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_3.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 82699
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82699
    title Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
refmap via4
apple
  • APPLE-SA-2014-09-17-1
  • APPLE-SA-2014-09-17-2
  • APPLE-SA-2014-10-16-1
  • APPLE-SA-2015-04-08-2
bid
  • 69882
  • 69938
confirm
sectrack 1030866
xf appleios-cve20144405-code-exec(96109)
Last major update 06-01-2017 - 22:00
Published 18-09-2014 - 06:55
Last modified 08-03-2019 - 11:06
Back to Top