cvelistv5 - cve-2014-1361

CVE-2014-1361 (GCVE-0-2014-1361)

Vulnerability from cvelistv5

Published

2014-07-01 10:00

Modified

2024-08-06 09:42

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-8gjh-39j4-6x54

Vulnerability from github

Published

2022-05-14 01:26

Modified

2022-05-14 01:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-01T10:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.",
  "id": "GHSA-8gjh-39j4-6x54",
  "modified": "2022-05-14T01:26:42Z",
  "published": "2022-05-14T01:26:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1361"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59475"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6296"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030500"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple OS X Mavericks v10.9.4 et versions antérieures
Apple	Safari	Apple Safari 7.0.5 et versions antérieures
Apple	N/A	Apple TV 6.1.2 et versions antérieures
Apple	N/A	Apple OS X Mountain Lion v10.8.5 et versions antérieures
Apple	N/A	Apple OS X Lion v10.7.5 et versions antérieures
Apple	Safari	Apple Safari 6.1.5 et versions antérieures
Apple	N/A	Apple iOS 7.1.2 et versions antérieures
Apple	N/A	Apple OS X Lion Server v10.7.5 et versions antérieures

References

Title

Publication Time

gsd-2014-1361

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-1361

Aliases

CVE-2014-1361

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1361",
    "description": "Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.",
    "id": "GSD-2014-1361"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1361"
      ],
      "details": "Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.",
      "id": "GSD-2014-1361",
      "modified": "2023-12-13T01:22:51.373215Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-1361",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT6296",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT6296"
          },
          {
            "name": "APPLE-SA-2014-06-30-2",
            "refsource": "APPLE",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
          },
          {
            "name": "APPLE-SA-2014-06-30-4",
            "refsource": "APPLE",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
          },
          {
            "name": "APPLE-SA-2014-06-30-3",
            "refsource": "APPLE",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
          },
          {
            "name": "59475",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59475"
          },
          {
            "name": "1030500",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030500"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1361"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2014-06-30-3",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
            },
            {
              "name": "APPLE-SA-2014-06-30-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
            },
            {
              "name": "APPLE-SA-2014-06-30-4",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6296",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT6296"
            },
            {
              "name": "59475",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59475"
            },
            {
              "name": "1030500",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030500"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2014-07-01T10:17Z"
    }
  }
}

var-201407-0104

Vulnerability from variot

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components. Attackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions. Apple Mac OS X 10.9 to 10.9.3 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. A remote attacker could exploit this vulnerability to obtain sensitive information in memory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003

OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following:

Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005.

copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP

curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015

Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative

Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1372 : Ian Beer of Google Project Zero

iBooks Commerce Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-1317 : Steve Dunham

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero

Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. CVE-ID CVE-2014-1375

Intel Compute Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero

IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. CVE-ID CVE-2014-1378

IOReporting Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user could cause an unexpected system restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech

launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero

launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero

launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero

launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero

Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero

Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project

Thunderbolt Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm

Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293

OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE-----

. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community

Apple TV Available for: Apple TV 2nd generation and later Impact: An iTunes Store transaction may be completed with insufficient authorization Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. CVE-ID CVE-2014-1383

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".

To check the current version of software, select "Settings -> General -> About"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0104",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9 to  10.9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8.5"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.2   (iphone 4 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "iphone iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0-"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "68274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cunzhang from Adlab of Venustech, Ian Beer of Google Project Zero and Thijs Alkemade of The Adium Project",
    "sources": [
      {
        "db": "BID",
        "id": "68274"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1361",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-1361",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-69300",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1361",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1361",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201407-042",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69300",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. \nThe update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components. \nAttackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions. \nApple Mac OS X 10.9 to 10.9.3 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. A remote attacker could exploit this vulnerability to obtain sensitive information in memory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update\n2014-003\n\nOS X Mavericks 10.9.4 and Security Update 2014-003 are now available\nand address the following:\n\nCertificate Trust Policy\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at\nhttp://support.apple.com/kb/HT6005. \n\ncopyfile\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\nImpact:  Opening a maliciously crafted zip file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An out of bounds byte swapping issue existed in the\nhandling of AppleDouble files in zip archives. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP\n\ncurl\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A remote attacker may be able to gain access to another\nuser\u0027s session\nDescription:  cURL re-used NTLM connections when more than one\nauthentication method was enabled, which allowed an attacker to gain\naccess to another user\u0027s session. \nCVE-ID\nCVE-2014-0015\n\nDock\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\nImpact:  A sandboxed application may be able to circumvent sandbox\nrestrictions\nDescription:  An unvalidated array index issue existed in the\nDock\u0027s handling of messages from applications. A maliciously\ncrafted message could cause an invalid function pointer to be\ndereferenced, which could lead to an unexpected application\ntermination or arbitrary code execution. \nCVE-ID\nCVE-2014-1371 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nGraphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A local user can read kernel memory, which can be used to\nbypass kernel address space layout randomization\nDescription:  An out-of-bounds read issue existed in the handling of\na system call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1372 : Ian Beer of Google Project Zero\n\niBooks Commerce\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  An attacker with access to a system may be able to recover\nApple ID credentials\nDescription:  An issue existed in the handling of iBooks logs. The\niBooks process could log Apple ID credentials in the iBooks log where\nother users of the system could read it. This issue was addressed by\ndisallowing logging of credentials. \nCVE-ID\nCVE-2014-1317 : Steve Dunham\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of an OpenGL\nAPI call. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1373 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A local user can read a kernel pointer, which can be used to\nbypass kernel address space layout randomization\nDescription:  A kernel pointer stored in an IOKit object could be\nretrieved from userland. This issue was addressed by removing the\npointer from the object. \nCVE-ID\nCVE-2014-1375\n\nIntel Compute\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in the handling of an OpenCL\nAPI call. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An array indexing issue existed in IOAcceleratorFamily. \nThis issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1377 : Ian Beer of Google Project Zero\n\nIOGraphicsFamily\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A local user can read a kernel pointer, which can be used to\nbypass kernel address space layout randomization\nDescription:  A kernel pointer stored in an IOKit object could be\nretrieved from userland. This issue was addressed by using a unique\nID instead of a pointer. \nCVE-ID\nCVE-2014-1378\n\nIOReporting\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A local user could cause an unexpected system restart\nDescription:  A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through additional\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-1355 : cunzhang from Adlab of Venustech\n\nlaunchd\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer underflow existed in launchd. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1359 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in launchd\u0027s handling of\nIPC messages. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1356 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in launchd\u0027s handling of\nlog messages. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1357 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer overflow existed in launchd. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1358 : Ian Beer of Google Project Zero\n\nGraphics Drivers\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple null dereference issues existed in kernel\ngraphics drivers. A maliciously crafted 32-bit executable may have\nbeen able to obtain elevated privileges. \nCVE-ID\nCVE-2014-1379 : Ian Beer of Google Project Zero\n\nSecurity - Keychain\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  An attacker may be able to type into windows under the\nscreen lock\nDescription:  Under rare circumstances, the screen lock did not\nintercept keystrokes. This could have allowed an attacker to type\ninto windows under the screen lock. This issue was addressed through\nimproved keystroke observer management. This issue was\naddressed by only accepting DTLS messages in a DTLS connection. \nCVE-ID\nCVE-2014-1361 : Thijs Alkemade of The Adium Project\n\nThunderbolt\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An out of bounds memory access issue existed in the\nhandling of IOThunderBoltController API calls. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1381 : Catherine aka winocm\n\nNote: OS X Mavericks 10.9.4 includes the security content of\nSafari 7.0.5: http://support.apple.com/kb/HT6293\n\nOS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN\n6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX\na569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM\nKx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb\nnak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr\nQ/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR\nuqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo\nT/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR\n1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4\nFiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka\nePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr\n+/tiYIHJ5pUCKf+C8xJC\n=HkFr\n-----END PGP SIGNATURE-----\n\n. \nCVE-ID\nCVE-2013-2875 : miaubiz\nCVE-2013-2927 : cloudfuzzer\nCVE-2014-1323 : banty\nCVE-2014-1325 : Apple\nCVE-2014-1326 : Apple\nCVE-2014-1327 : Google Chrome Security Team, Apple\nCVE-2014-1329 : Google Chrome Security Team\nCVE-2014-1330 : Google Chrome Security Team\nCVE-2014-1331 : cloudfuzzer\nCVE-2014-1333 : Google Chrome Security Team\nCVE-2014-1334 : Apple\nCVE-2014-1335 : Google Chrome Security Team\nCVE-2014-1336 : Apple\nCVE-2014-1337 : Apple\nCVE-2014-1338 : Google Chrome Security Team\nCVE-2014-1339 : Atte Kettunen of OUSPG\nCVE-2014-1341 : Google Chrome Security Team\nCVE-2014-1342 : Apple\nCVE-2014-1343 : Google Chrome Security Team\nCVE-2014-1362 : Apple, miaubiz\nCVE-2014-1363 : Apple\nCVE-2014-1364 : Apple\nCVE-2014-1365 : Apple, Google Chrome Security Team\nCVE-2014-1366 : Apple\nCVE-2014-1367 : Apple\nCVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)\nCVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung\nElectronics\nCVE-2014-1731 : an anonymous member of the Blink development\ncommunity\n\nApple TV\nAvailable for:  Apple TV 2nd generation and later\nImpact:  An iTunes Store transaction may be completed with\ninsufficient authorization\nDescription:  A signed-in user was able to complete an iTunes Store\ntransaction without providing a valid password when prompted. \nCVE-ID\nCVE-2014-1383\n\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e General -\u003e Update Software\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "db": "BID",
        "id": "68274"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "db": "PACKETSTORM",
        "id": "127308"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1361",
        "trust": 3.0
      },
      {
        "db": "SECUNIA",
        "id": "59475",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1030500",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU99696049",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "68274",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-69300",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127306",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127308",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "db": "BID",
        "id": "68274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "db": "PACKETSTORM",
        "id": "127308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "id": "VAR-201407-0104",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69300"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:58:16.558000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT6297",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6297"
      },
      {
        "title": "HT6298",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6298"
      },
      {
        "title": "HT6296",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6296"
      },
      {
        "title": "HT6296",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6296?viewlocale=ja_JP"
      },
      {
        "title": "HT6297",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6297?viewlocale=ja_JP"
      },
      {
        "title": "HT6298",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6298?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
      },
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
      },
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht6296"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1030500"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59475"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1361"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99696049/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1361"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.2,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1357"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1356"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1358"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1355"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1361"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1359"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht6293"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht6005."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1372"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1380"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1375"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1371"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1378"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1373"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1376"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1337"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1336"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1326"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1343"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1338"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1325"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1335"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1323"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1342"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1339"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1327"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2875"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1341"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1330"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "db": "BID",
        "id": "68274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "db": "PACKETSTORM",
        "id": "127308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "db": "BID",
        "id": "68274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "db": "PACKETSTORM",
        "id": "127308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "date": "2014-06-30T00:00:00",
        "db": "BID",
        "id": "68274"
      },
      {
        "date": "2014-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "date": "2014-07-01T01:03:32",
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "date": "2014-07-01T01:07:19",
        "db": "PACKETSTORM",
        "id": "127308"
      },
      {
        "date": "2014-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      },
      {
        "date": "2014-07-01T10:17:26.750000",
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69300"
      },
      {
        "date": "2014-06-30T00:00:00",
        "db": "BID",
        "id": "68274"
      },
      {
        "date": "2014-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      },
      {
        "date": "2024-11-21T02:04:08.883000",
        "db": "NVD",
        "id": "CVE-2014-1361"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  Secure Transport Vulnerability to retrieve important information from uninitialized process memory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003082"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-042"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2014-1361

Vulnerability from fkie_nvd

Published

2014-07-01 10:17

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
product-security@apple.com	http://secunia.com/advisories/59475
product-security@apple.com	http://support.apple.com/kb/HT6296	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1030500
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59475
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6296	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030500

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.9
apple	mac_os_x	10.9.1
apple	mac_os_x	10.9.2
apple	mac_os_x	10.9.3
apple	iphone_os	*
apple	iphone_os	7.0
apple	iphone_os	7.0.1
apple	iphone_os	7.0.2
apple	iphone_os	7.0.3
apple	iphone_os	7.0.4
apple	iphone_os	7.0.5
apple	iphone_os	7.0.6
apple	iphone_os	7.1
apple	tvos	*
apple	tvos	6.0
apple	tvos	6.0.1
apple	tvos	6.0.2
apple	tvos	6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A5310-A589-4E9B-99BC-F840CC1A6A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F241EBFB-CCB3-4D16-B476-AC1578D3C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEAD650-87D1-49BB-A8C7-BA39FD47285C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BB54764-186F-490D-A17A-4FA1180A854B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E92C81-A564-4B9A-A263-8C0CF7844D32",
              "versionEndIncluding": "7.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD62141-07B1-4E3D-80BC-25D519F90DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9737BD4-B4F4-4291-A1E9-B692ECBC657E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6160869-944D-4E34-BB81-6A1259D692B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96F77DD-0962-4E55-97A2-9BC2FE01D8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF40E86-E5D2-4D66-B296-ADFA78B42113",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AE5BFA0-A785-47FB-AE9E-4F6297DD1FBF",
              "versionEndIncluding": "6.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5365205F-B91D-4123-8CFD-EA42E0DEA944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C7F676-5ACC-4330-9591-465CA8AF77AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5314D7F-8352-41F5-A155-5E5392C58ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36567F18-DE70-4189-A52E-A0376C779B7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection."
    },
    {
      "lang": "es",
      "value": "Secure Transport en Apple iOS anterior a 7.1.2, Apple OS X anterior a 10.9.4, y Apple TV anterior a 6.1.2 no asegura que un mensaje DTLS est\u00e1 aceptado \u00fanicamente para una conexi\u00f3n DTLS, lo que permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible de memoria de procesos no inicializada mediante el proporcionamiento de un mensaje DTLS dentro de una conexi\u00f3n TLS."
    }
  ],
  "id": "CVE-2014-1361",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-01T10:17:26.750",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/59475"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6296"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1030500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030500"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-1361 (GCVE-0-2014-1361)

Vulnerability from cvelistv5

ghsa-8gjh-39j4-6x54

Vulnerability from github

CERTFR-2014-AVI-293

Vulnerability from certfr_avis

Solution

gsd-2014-1361

Vulnerability from gsd

var-201407-0104

Vulnerability from variot

fkie_cve-2014-1361

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature