cvelistv5 - cve-2014-4448

CVE-2014-4448 (GCVE-0-2014-4448)

Vulnerability from cvelistv5

Published

2014-10-22 10:00

Modified

2024-08-06 11:12

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CERTFR-2014-AVI-439

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions antérieures à 8.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

var-201410-1082

Vulnerability from variot

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. House Arrest is one of the services used for calling iTunes to send and receive files between iOS devices and Apps. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-10-20-1 iOS 8.1

iOS 8.1 is now available and addresses the following:

Bluetooth Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Bluetooth input device may bypass pairing Description: Unencrypted connections were permitted from Human Interface Device-class Bluetooth Low Energy accessories. If an iOS device had paired with such an accessory, an attacker could spoof the legitimate accessory to establish a connection. The issue was addressed by denying unencrypted HID connections. CVE-ID CVE-2014-4428 : Mike Ryan of iSEC Partners

House Arrest Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Files transferred to the device may be written with insufficient cryptographic protection Description: Files could be transferred to an app's Documents directory and encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the transferred files with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2014-4448 : Jonathan Zdziarski and Kevin DeLong

iCloud Data Access Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may force iCloud data access clients to leak sensitive information Description: A TLS certificate validation vulnerability existed in iCloud data access clients. This issue was addressed by improved certificate validation. CVE-ID CVE-2014-4449 : Carl Mehner of USAA

Keyboards Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType could learn users' credentials Description: QuickType could learn users' credentials when switching between elements. This issue was addressed by QuickType not learning from fields where autocomplete is disabled and reapplying the criteria when switching between DOM input elements in legacy WebKit. CVE-ID CVE-2014-4450

Secure Transport Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "8.1".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJURUHQAAoJEBcWfLTuOo7tJMoP/2RPUJpecEmfPnrJHesyWE07 eGVLvu+Qo/VQN2X/aJI4ZxXiZzzEhbo9+HOEmE9hfBW+GwJ+tumOqJ/S0+8X6/BT 955fHTKT8zPHa1OvW2H+CEdeYtxIVTCb14ePmZMfykiyhvvk5HeODKPrj2fO7yL/ Bb9vggEkgZvssrXNQ3SXWLbzTobivaOjGNPXgELUFfCjjZH7Sdf9l8/r+NGR4c4w YFeDFqfPq9U7ebBt14oH5a+t3ha5uV0Zt1aKFtRkFdJlIwHFMbb7QSUQY1W24Kvt MKqpWQi1fR2x1k6p5ss6o8S/EeL5Vz6KsPnraWTRayC8w5r6IhVeOLbAEoaI0yON YoyY9LkFOwx68BZr8q7MyFdN+5iHrlYFG9bfSzIeZ1NmK4cfMgaG+jckoh/GtNjm voDOHL7qEjDgpAoYZ7XejVKvd5v7xXV8JcnDtmlg+rCh1eH/vyoYX4+PFUW3AiIo IkgUm0JvaZrOdXP1W2vIqFDHaxGoUMj4Ius+No7X+e4+uDACofBYP8btEdBf2mEW NBqc2jLZRaXbCpaHK1TCfeqSQLh32pUVWsgsK9ad4uH79tMke2EzyYkwztiksxT3 f4s8MGv2PdYnLjfWc4C5WN8ZbgdILVncTdNUItYvVya1nyuSXkCK6thWS35YEvDp ViMxSLY5YjSJvhzCf+hk =5AaA -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1082",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.1   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.1   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.1   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan Zdziarski, and Kevin DeLong.",
    "sources": [
      {
        "db": "BID",
        "id": "70661"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-4448",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2014-4448",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-72388",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-4448",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-4448",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-1164",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-72388",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. \nSuccessfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. House Arrest is one of the services used for calling iTunes to send and receive files between iOS devices and Apps. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-10-20-1 iOS 8.1\n\niOS 8.1 is now available and addresses the following:\n\nBluetooth\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious Bluetooth input device may bypass pairing\nDescription:  Unencrypted connections were permitted from Human\nInterface Device-class Bluetooth Low Energy accessories. If an iOS\ndevice had paired with such an accessory, an attacker could spoof the\nlegitimate accessory to establish a connection. The issue was\naddressed by denying unencrypted HID connections. \nCVE-ID\nCVE-2014-4428 : Mike Ryan of iSEC Partners\n\nHouse Arrest\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Files transferred to the device may be written with\ninsufficient cryptographic protection\nDescription:  Files could be transferred to an app\u0027s Documents\ndirectory and encrypted with a key protected only by the hardware\nUID. This issue was addressed by encrypting the transferred files\nwith a key protected by the hardware UID and the user\u0027s passcode. \nCVE-ID\nCVE-2014-4448 : Jonathan Zdziarski and Kevin DeLong\n\niCloud Data Access\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in a privileged network position may force\niCloud data access clients to leak sensitive information\nDescription:  A TLS certificate validation vulnerability existed in\niCloud data access clients. This issue was addressed by improved\ncertificate validation. \nCVE-ID\nCVE-2014-4449 : Carl Mehner of USAA\n\nKeyboards\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  QuickType could learn users\u0027 credentials\nDescription:  QuickType could learn users\u0027 credentials when switching\nbetween elements. This issue was addressed by QuickType not learning\nfrom fields where autocomplete is disabled and reapplying the\ncriteria when switching between DOM input elements in legacy WebKit. \nCVE-ID\nCVE-2014-4450\n\nSecure Transport\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to decrypt data protected by SSL\nDescription:  There are known attacks on the confidentiality of SSL\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling CBC cipher suites\nwhen TLS connection attempts fail. \nCVE-ID\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\nGoogle Security Team\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"8.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJURUHQAAoJEBcWfLTuOo7tJMoP/2RPUJpecEmfPnrJHesyWE07\neGVLvu+Qo/VQN2X/aJI4ZxXiZzzEhbo9+HOEmE9hfBW+GwJ+tumOqJ/S0+8X6/BT\n955fHTKT8zPHa1OvW2H+CEdeYtxIVTCb14ePmZMfykiyhvvk5HeODKPrj2fO7yL/\nBb9vggEkgZvssrXNQ3SXWLbzTobivaOjGNPXgELUFfCjjZH7Sdf9l8/r+NGR4c4w\nYFeDFqfPq9U7ebBt14oH5a+t3ha5uV0Zt1aKFtRkFdJlIwHFMbb7QSUQY1W24Kvt\nMKqpWQi1fR2x1k6p5ss6o8S/EeL5Vz6KsPnraWTRayC8w5r6IhVeOLbAEoaI0yON\nYoyY9LkFOwx68BZr8q7MyFdN+5iHrlYFG9bfSzIeZ1NmK4cfMgaG+jckoh/GtNjm\nvoDOHL7qEjDgpAoYZ7XejVKvd5v7xXV8JcnDtmlg+rCh1eH/vyoYX4+PFUW3AiIo\nIkgUm0JvaZrOdXP1W2vIqFDHaxGoUMj4Ius+No7X+e4+uDACofBYP8btEdBf2mEW\nNBqc2jLZRaXbCpaHK1TCfeqSQLh32pUVWsgsK9ad4uH79tMke2EzyYkwztiksxT3\nf4s8MGv2PdYnLjfWc4C5WN8ZbgdILVncTdNUItYvVya1nyuSXkCK6thWS35YEvDp\nViMxSLY5YjSJvhzCf+hk\n=5AaA\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "BID",
        "id": "70661"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "db": "PACKETSTORM",
        "id": "128769"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-4448",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "70661",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1031077",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-72388",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128769",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "db": "BID",
        "id": "70661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "PACKETSTORM",
        "id": "128769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "id": "VAR-201410-1082",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72388"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:29:39.488000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT6541",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6541"
      },
      {
        "title": "HT6541",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6541?viewlocale=ja_JP"
      },
      {
        "title": "iPhone7,2_8.1_12B411_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52149"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/archive/1/533747"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht6541"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/70661"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031077"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4448"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4448"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4449"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4450"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4448"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4428"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "db": "BID",
        "id": "70661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "PACKETSTORM",
        "id": "128769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "db": "BID",
        "id": "70661"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "db": "PACKETSTORM",
        "id": "128769"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "date": "2014-10-20T00:00:00",
        "db": "BID",
        "id": "70661"
      },
      {
        "date": "2014-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "date": "2014-10-21T01:06:53",
        "db": "PACKETSTORM",
        "id": "128769"
      },
      {
        "date": "2014-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      },
      {
        "date": "2014-10-22T10:55:02.607000",
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72388"
      },
      {
        "date": "2014-10-20T00:00:00",
        "db": "BID",
        "id": "70661"
      },
      {
        "date": "2014-10-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      },
      {
        "date": "2014-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      },
      {
        "date": "2024-11-21T02:10:13.170000",
        "db": "NVD",
        "id": "CVE-2014-4448"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS of  House Arrest Vulnerability in which important information can be obtained from the document directory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004901"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1164"
      }
    ],
    "trust": 0.6
  }
}

gsd-2014-4448

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-4448

Aliases

CVE-2014-4448

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4448",
    "description": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.",
    "id": "GSD-2014-4448"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4448"
      ],
      "details": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.",
      "id": "GSD-2014-4448",
      "modified": "2023-12-13T01:22:45.285617Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-4448",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/kb/HT6541",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT6541"
          },
          {
            "name": "1031077",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031077"
          },
          {
            "name": "70661",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/70661"
          },
          {
            "name": "appleios-cve20144448-weak-security(97664)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664"
          },
          {
            "name": "APPLE-SA-2014-10-20-1",
            "refsource": "APPLE",
            "url": "http://www.securityfocus.com/archive/1/533747"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-4448"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT6541",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT6541"
            },
            {
              "name": "APPLE-SA-2014-10-20-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/533747"
            },
            {
              "name": "1031077",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031077"
            },
            {
              "name": "70661",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/70661"
            },
            {
              "name": "appleios-cve20144448-weak-security(97664)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:35Z",
      "publishedDate": "2014-10-22T10:55Z"
    }
  }
}

ghsa-xrrh-2xgh-93p5

Vulnerability from github

Published

2022-05-17 01:23

Modified

2022-05-17 01:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4448"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-10-22T10:55:00Z",
    "severity": "LOW"
  },
  "details": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.",
  "id": "GHSA-xrrh-2xgh-93p5",
  "modified": "2022-05-17T01:23:54Z",
  "published": "2022-05-17T01:23:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4448"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT6541"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/533747"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/70661"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031077"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2014-4448

Vulnerability from fkie_nvd

Published

2014-10-22 10:55

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/archive/1/533747
product-security@apple.com	http://www.securityfocus.com/bid/70661
product-security@apple.com	http://www.securitytracker.com/id/1031077
product-security@apple.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/97664
product-security@apple.com	https://support.apple.com/kb/HT6541	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/533747
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70661
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031077
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/97664
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT6541	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58021BEB-65A6-42FC-8A36-F7A2BB4C1F76",
              "versionEndIncluding": "8.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID."
    },
    {
      "lang": "es",
      "value": "House Arrest en Apple iOS anterior a 8.1 depende del hardware UID para su clave de cifrado, lo que facilita a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible de un directorio de documentos mediante la obtenci\u00f3n de este UID."
    }
  ],
  "id": "CVE-2014-4448",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-22T10:55:02.607",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/archive/1/533747"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/70661"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1031077"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT6541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT6541"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-4448 (GCVE-0-2014-4448)

Vulnerability from cvelistv5

CERTFR-2014-AVI-439

Vulnerability from certfr_avis

Solution

var-201410-1082

Vulnerability from variot

gsd-2014-4448

Vulnerability from gsd

ghsa-xrrh-2xgh-93p5

Vulnerability from github

fkie_cve-2014-4448

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature