var-201409-0516
Vulnerability from variot
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. Attackers can exploit this issue to cause denial-of-service conditions or gain access to sensitive information. This issue is fixed in: Apple Mac Os X 10.9.5 Apple iOS 8 Apple TV 7. Apple iOS and TV are prone to multiple security vulnerabilities. These issues affect the following components: 802.1X, Accounts, Accessibility, Accounts Framework, Address Book, App Installation, Assets, Bluetooth, CoreGraphics, Foundation, Home & Lock Screen, iMessage, IOAcceleratorFamily, IOAcceleratorFamily, IOHIDFamily, IOHIDFamily, IOKit, Kernel, Libnotify, Mail, Profiles, Safari, Sandbox Profiles, syslog and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. This BID is being retired. The following individual records exist to better document the issues: 69913 Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability 69917 Apple iOS CVE-2014-4423 Information Disclosure Vulnerability 69926 Apple iOS Lock Screen CVE-2014-4368 Security Bypass Vulnerability 69930 Apple iOS and TV CVE-2014-4357 Local Information Disclosure Security Vulnerability 69932 Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability 69936 Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability 69940 Apple iOS CVE-2014-4384 Local Privilege Escalation Vulnerability 69941 Apple iOS and TV CVE-2014-4383 Security Bypass Vulnerability 69943 Apple iOS CVE-2014-4354 Unspecified Security Vulnerability 69903 Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability 69915 Apple TV/Mac OS X/iOS CVE-2014-4378 Out of Bounds Read Memory Corruption Vulnerability 69905 Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability 69921 Apple TV/Mac OS X/iOS CVE-2014-4379 Out of Bounds Read Memory Corruption Vulnerability 69929 Apple TV and iOS CVE-2014-4369 NULL Pointer Dereference Denial of Service Vulnerability 69934 Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability 69938 Apple TV and iOS CVE-2014-4405 NULL Pointer Dereference Remote Code Execution Vulnerability 69942 Apple TV and iOS CVE-2014-4380 Out of Bounds Read Write Remote Code Execution Vulnerability 69947 Apple TV and iOS CVE-2014-4404 Heap Based Buffer Overflow Vulnerability 69949 Apple iOS CVE-2014-4361 Security Bypass Vulnerability 69951 Apple iOS CVE-2014-4353 Race Condition Local Information Disclosure Vulnerability 69912 Apple iOS and TV CVE-2014-4407 Information Disclosure Security Vulnerability 69919 Apple iOS and TV CVE-2014-4371 Unspecified Security Vulnerability 69924 Apple iOS and TV CVE-2014-4421 Unspecified Security Vulnerability 69927 Apple iOS and TV CVE-2014-4420 Unspecified Security Vulnerability 69928 Apple iOS and TV CVE-2014-4419 Unspecified Security Vulnerability 69939 Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability 69944 Apple iOS and TV CVE-2014-4375 Local Memory Corruption Vulnerability 69946 Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability 69948 Apple TV/Mac OS X/iOS CVE-2014-4388 Remote Code Execution Vulnerability 69950 Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability 69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability 69911 Apple iOS and TV CVE-2014-4422 Security Bypass Vulnerability 69931 Apple TV/Mac OS X/iOS CVE-2014-4381 Arbitrary Code Execution Vulnerability 69914 Apple iOS CVE-2014-4366 Information Disclosure Vulnerability 69945 Apple iOS CVE-2014-4367 Security Vulnerability 69920 Apple iOS CVE-2014-4362 Information Disclosure Vulnerability 69922 Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability 69923 Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability 69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following:
apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in PHP 5.4.24 Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This issue was addressed through always allocating the Global Descriptor Table at random addresses. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero
OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-09-17-2 Apple TV 7
Apple TV 7 is now available and addresses the following:
Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by removing support for LEAP. CVE-ID CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt
Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with access to an device may access sensitive user information from logs Description: Sensitive user information was logged. This issue was addressed by logging less information. CVE-ID CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may be able to cause a device to think that it is up to date even when it is not Description: A validation issue existed in the handling of update check responses. Spoofed dates from Last-Modified response headers set to future dates were used for If-Modified-Since checks in subsequent update requests. This issue was addressed by validation of the Last-Modified header. CVE-ID CVE-2014-4383 : Raul Siles of DinoSec
Apple TV Available for: Apple TV 3rd generation and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Apple TV Available for: Apple TV 3rd generation and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Apple TV Available for: Apple TV 3rd generation and later Impact: An application may cause an unexpected system termination Description: A null pointer dereference existed in the handling of IOAcceleratorFamily API arguments. This issue was addressed through improved validation of IOAcceleratorFamily API arguments. CVE-ID CVE-2014-4369 : Catherine aka winocm
Apple TV Available for: Apple TV 3rd generation and later Impact: The device may unexpectedly restart Description: A NULL pointer dereference was present in the IntelAccelerator driver. The issue was addressed by improved error handling. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue existed in the IOHIDFamily kernel extension. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to read uninitialized data from kernel memory Description: An uninitialized memory access issue existed in the handling of IOKit functions. This issue was addressed through improved memory initialization CVE-ID CVE-2014-4407 : @PanguTeam
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4418 : Ian Beer of Google Project Zero
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero
Apple TV Available for: Apple TV 3rd generation and later Impact: A local user may be able to determine kernel memory layout Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization. CVE-ID CVE-2014-4371 : Fermin J. Serna of the Google Security Team CVE-2014-4419 : Fermin J. Serna of the Google Security Team CVE-2014-4420 : Fermin J. Serna of the Google Security Team CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Apple TV Available for: Apple TV 3rd generation and later Impact: A person with a privileged network position may cause a denial of service Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking. CVE-ID CVE-2011-2391 : Marc Heuse
Apple TV Available for: Apple TV 3rd generation and later Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A double free issue existed in the handling of Mach ports. This issue was addressed through improved validation of Mach ports. CVE-ID CVE-2014-4375
Apple TV Available for: Apple TV 3rd generation and later Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: An out-of-bounds read issue existed in rt_setgate. This may lead to memory disclosure or memory corruption. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4408
Apple TV Available for: Apple TV 3rd generation and later Impact: Some kernel hardening measures may be bypassed Description: The 'early' random number generator used in some kernel hardening measures was not cryptographically secure, and some of its output was exposed to user space, allowing bypass of the hardening measures. This issue was addressed by replacing the random number generator with a cryptographically secure algorithm, and using a 16-byte seed. CVE-ID CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero
Apple TV Available for: Apple TV 3rd generation and later Impact: A local user may be able to change permissions on arbitrary files Description: syslogd followed symbolic links while changing permissions on files. This issue was addressed through improved handling of symbolic links. CVE-ID CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech Information Security Center (GTISC)
Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-6663 : Atte Kettunen of OUSPG CVE-2014-1384 : Apple CVE-2014-1385 : Apple CVE-2014-1387 : Google Chrome Security Team CVE-2014-1388 : Apple CVE-2014-1389 : Apple CVE-2014-4410 : Eric Seidel of Google CVE-2014-4411 : Google Chrome Security Team CVE-2014-4412 : Apple CVE-2014-4413 : Apple CVE-2014-4414 : Apple CVE-2014-4415 : Apple
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".
To check the current version of software, select "Settings -> General -> About".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGMh1AAoJEBcWfLTuOo7tSWgP/j19RyvhyRDhJJyBozeK/pN6 6pgKhW3R++yi3COOjYX9oGmupiDNlIz5Rd7pkZMxq+f6BbwBh+hzXoPDdHw33yRO pQ9nV32gDIBlQRjvqmJgU/w6ODJWdPukcGBZqqjTjywce/tDxC9ZQBZLcRRuifXl dQdCYmXpkIcyZ3Yh9uF6sSXy0vngZr7kvvyJnst4WTmjqF3X9Sak75/s8Xa4oLyg naD+o2ITisuMk7dEmY6p1vqhbbQIxIeg315VyQxoGfsml9IPtOI5SWOPO+wi6nNd PyHKTFuhmlqjE+tKdBLulBMQPNreF0bCP+iNipBtAUS8RUyR19dfkDDjJeBbcqp7 Lsl4+6XsXABKPjrj66pBl7M7NZR+9mRfJbr83gmDN7hXu2OZJ7PxH49UKmr7JkeK OWlMyiyd4NfigtlasUTnom+Jky+uIDy/JYBGkumgoCG50cdt+BAQgb8CiPCS11LK OX0Ra4X8juRxh9TajQ+afx6r5Ma0Zdhj+ONzGJaTCCV+/NVjSKb/o+MfxlSiRYBN ot4R5cbQFHFDxcpMW+5S8EYt8mgUmn7oCxBm21mj9hzo9pqDVWTABaIUywI4+4n4 uWnZKxtit873cik8gE+NtbngtF3/q40n0Wvf3UzP6RTedl9g56wmjZ8NPvKWL8rE vHsGbux+Eb0CYjDTQqqS =98h5 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0516",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.9.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9 to v10.9.4"
},
{
"model": "tv",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7 (apple tv first 3 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8 (ipod touch first 5 after generation )"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.9.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.0"
},
{
"model": "tv",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
}
],
"sources": [
{
"db": "BID",
"id": "69921"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-626"
},
{
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ian Beer of Google Project Zero.",
"sources": [
{
"db": "BID",
"id": "69921"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4379",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-4379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-72319",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4379",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-4379",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-626",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-72319",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72319"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-626"
},
{
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. \nAttackers can exploit this issue to cause denial-of-service conditions or gain access to sensitive information. \nThis issue is fixed in:\nApple Mac Os X 10.9.5\nApple iOS 8\nApple TV 7. Apple iOS and TV are prone to multiple security vulnerabilities. These issues affect the following components:\n802.1X, Accounts, Accessibility, Accounts Framework, Address Book, App Installation, Assets, Bluetooth, CoreGraphics, Foundation, Home \u0026amp; Lock Screen, iMessage, IOAcceleratorFamily, IOAcceleratorFamily, IOHIDFamily, IOHIDFamily, IOKit, Kernel, Libnotify, Mail, Profiles, Safari, Sandbox Profiles, syslog and WebKit components. \nSuccessfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. \nThis BID is being retired. The following individual records exist to better document the issues:\n69913 Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability\n69917 Apple iOS CVE-2014-4423 Information Disclosure Vulnerability\n69926 Apple iOS Lock Screen CVE-2014-4368 Security Bypass Vulnerability\n69930 Apple iOS and TV CVE-2014-4357 Local Information Disclosure Security Vulnerability\n69932 Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability\n69936 Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability\n69940 Apple iOS CVE-2014-4384 Local Privilege Escalation Vulnerability\n69941 Apple iOS and TV CVE-2014-4383 Security Bypass Vulnerability\n69943 Apple iOS CVE-2014-4354 Unspecified Security Vulnerability\n69903 Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability\n69915 Apple TV/Mac OS X/iOS CVE-2014-4378 Out of Bounds Read Memory Corruption Vulnerability\n69905 Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability\n69921 Apple TV/Mac OS X/iOS CVE-2014-4379 Out of Bounds Read Memory Corruption Vulnerability\n69929 Apple TV and iOS CVE-2014-4369 NULL Pointer Dereference Denial of Service Vulnerability\n69934 Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability\n69938 Apple TV and iOS CVE-2014-4405 NULL Pointer Dereference Remote Code Execution Vulnerability\n69942 Apple TV and iOS CVE-2014-4380 Out of Bounds Read Write Remote Code Execution Vulnerability\n69947 Apple TV and iOS CVE-2014-4404 Heap Based Buffer Overflow Vulnerability\n69949 Apple iOS CVE-2014-4361 Security Bypass Vulnerability\n69951 Apple iOS CVE-2014-4353 Race Condition Local Information Disclosure Vulnerability\n69912 Apple iOS and TV CVE-2014-4407 Information Disclosure Security Vulnerability\n69919 Apple iOS and TV CVE-2014-4371 Unspecified Security Vulnerability\n69924 Apple iOS and TV CVE-2014-4421 Unspecified Security Vulnerability\n69927 Apple iOS and TV CVE-2014-4420 Unspecified Security Vulnerability\n69928 Apple iOS and TV CVE-2014-4419 Unspecified Security Vulnerability\n69939 Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability\n69944 Apple iOS and TV CVE-2014-4375 Local Memory Corruption Vulnerability\n69946 Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability\n69948 Apple TV/Mac OS X/iOS CVE-2014-4388 Remote Code Execution Vulnerability\n69950 Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability\n69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability\n69911 Apple iOS and TV CVE-2014-4422 Security Bypass Vulnerability\n69931 Apple TV/Mac OS X/iOS CVE-2014-4381 Arbitrary Code Execution Vulnerability\n69914 Apple iOS CVE-2014-4366 Information Disclosure Vulnerability\n69945 Apple iOS CVE-2014-4367 Security Vulnerability\n69920 Apple iOS CVE-2014-4362 Information Disclosure Vulnerability\n69922 Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability\n69923 Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability\n69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update\n2014-004\n\nOS X Mavericks 10.9.5 and Security Update 2014-004 are now available\nand address the following:\n\napache_mod_php\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in PHP 5.4.24\nDescription: Multiple vulnerabilities existed in PHP 5.4.24, the\nmost serious of which may have led to arbitrary code execution. This issue was addressed through\nalways allocating the Global Descriptor Table at random addresses. This\nissue was addressed through improved bounds checking\nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nOpenSSL\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one\nthat may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8y. \nThis update was addressed by updating OpenSSL to version 0.9.8za. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-09-17-2 Apple TV 7\n\nApple TV 7 is now available and addresses the following:\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An attacker can obtain WiFi credentials\nDescription: An attacker could have impersonated a WiFi access\npoint, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,\nand used the derived credentials to authenticate to the intended\naccess point even if that access point supported stronger\nauthentication methods. This issue was addressed by removing support\nfor LEAP. \nCVE-ID\nCVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim\nLamotte of Universiteit Hasselt\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An attacker with access to an device may access sensitive\nuser information from logs\nDescription: Sensitive user information was logged. This issue was\naddressed by logging less information. \nCVE-ID\nCVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An attacker with a privileged network position may be able\nto cause a device to think that it is up to date even when it is not\nDescription: A validation issue existed in the handling of update\ncheck responses. Spoofed dates from Last-Modified response headers\nset to future dates were used for If-Modified-Since checks in\nsubsequent update requests. This issue was addressed by validation of\nthe Last-Modified header. \nCVE-ID\nCVE-2014-4383 : Raul Siles of DinoSec\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or an information disclosure\nDescription: An out of bounds memory read existed in the handling of\nPDF files. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An application may cause an unexpected system termination\nDescription: A null pointer dereference existed in the handling of\nIOAcceleratorFamily API arguments. This issue was addressed through\nimproved validation of IOAcceleratorFamily API arguments. \nCVE-ID\nCVE-2014-4369 : Catherine aka winocm\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: The device may unexpectedly restart\nDescription: A NULL pointer dereference was present in the\nIntelAccelerator driver. The issue was addressed by improved error\nhandling. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-4379 : Ian Beer of Google Project Zero\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: An out-of-bounds write issue existed in the IOHIDFamily\nkernel extension. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to read uninitialized\ndata from kernel memory\nDescription: An uninitialized memory access issue existed in the\nhandling of IOKit functions. This issue was addressed through\nimproved memory initialization\nCVE-ID\nCVE-2014-4407 : @PanguTeam\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4418 : Ian Beer of Google Project Zero\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved validation of\nIOKit API arguments. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: Multiple uninitialized memory issues existed in the\nnetwork statistics interface, which led to the disclosure of kernel\nmemory content. This issue was addressed through additional memory\ninitialization. \nCVE-ID\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A person with a privileged network position may cause a\ndenial of service\nDescription: A race condition issue existed in the handling of IPv6\npackets. This issue was addressed through improved lock state\nchecking. \nCVE-ID\nCVE-2011-2391 : Marc Heuse\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: A double free issue existed in the handling of Mach\nports. This issue was addressed through improved validation of Mach\nports. \nCVE-ID\nCVE-2014-4375\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: An out-of-bounds read issue existed in rt_setgate. This\nmay lead to memory disclosure or memory corruption. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-4408\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: Some kernel hardening measures may be bypassed\nDescription: The \u0027early\u0027 random number generator used in some kernel\nhardening measures was not cryptographically secure, and some of its\noutput was exposed to user space, allowing bypass of the hardening\nmeasures. This issue was addressed by replacing the random number\ngenerator with a cryptographically secure algorithm, and using a\n16-byte seed. \nCVE-ID\nCVE-2014-4422 : Tarjei Mandt of Azimuth Security\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: An out-of-bounds write issue existed in Libnotify. This\nissue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A local user may be able to change permissions on arbitrary\nfiles\nDescription: syslogd followed symbolic links while changing\npermissions on files. This issue was addressed through improved\nhandling of symbolic links. \nCVE-ID\nCVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech\nInformation Security Center (GTISC)\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An attacker with a privileged network position may cause an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-6663 : Atte Kettunen of OUSPG\nCVE-2014-1384 : Apple\nCVE-2014-1385 : Apple\nCVE-2014-1387 : Google Chrome Security Team\nCVE-2014-1388 : Apple\nCVE-2014-1389 : Apple\nCVE-2014-4410 : Eric Seidel of Google\nCVE-2014-4411 : Google Chrome Security Team\nCVE-2014-4412 : Apple\nCVE-2014-4413 : Apple\nCVE-2014-4414 : Apple\nCVE-2014-4415 : Apple\n\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e General -\u003e Update Software\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUGMh1AAoJEBcWfLTuOo7tSWgP/j19RyvhyRDhJJyBozeK/pN6\n6pgKhW3R++yi3COOjYX9oGmupiDNlIz5Rd7pkZMxq+f6BbwBh+hzXoPDdHw33yRO\npQ9nV32gDIBlQRjvqmJgU/w6ODJWdPukcGBZqqjTjywce/tDxC9ZQBZLcRRuifXl\ndQdCYmXpkIcyZ3Yh9uF6sSXy0vngZr7kvvyJnst4WTmjqF3X9Sak75/s8Xa4oLyg\nnaD+o2ITisuMk7dEmY6p1vqhbbQIxIeg315VyQxoGfsml9IPtOI5SWOPO+wi6nNd\nPyHKTFuhmlqjE+tKdBLulBMQPNreF0bCP+iNipBtAUS8RUyR19dfkDDjJeBbcqp7\nLsl4+6XsXABKPjrj66pBl7M7NZR+9mRfJbr83gmDN7hXu2OZJ7PxH49UKmr7JkeK\nOWlMyiyd4NfigtlasUTnom+Jky+uIDy/JYBGkumgoCG50cdt+BAQgb8CiPCS11LK\nOX0Ra4X8juRxh9TajQ+afx6r5Ma0Zdhj+ONzGJaTCCV+/NVjSKb/o+MfxlSiRYBN\not4R5cbQFHFDxcpMW+5S8EYt8mgUmn7oCxBm21mj9hzo9pqDVWTABaIUywI4+4n4\nuWnZKxtit873cik8gE+NtbngtF3/q40n0Wvf3UzP6RTedl9g56wmjZ8NPvKWL8rE\nvHsGbux+Eb0CYjDTQqqS\n=98h5\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4379"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "BID",
"id": "69921"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "VULHUB",
"id": "VHN-72319"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128299"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4379",
"trust": 3.0
},
{
"db": "BID",
"id": "69882",
"trust": 2.0
},
{
"db": "BID",
"id": "69921",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1030866",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU93868849",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201409-626",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-72319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128299",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72319"
},
{
"db": "BID",
"id": "69921"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128299"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-626"
},
{
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"id": "VAR-201409-0516",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72319"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:30:42.728000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6442",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6442"
},
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6443"
},
{
"title": "HT6441",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6441"
},
{
"title": "HT6441",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6441?viewlocale=ja_JP"
},
{
"title": "HT6442",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6442?viewlocale=ja_JP"
},
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6443?viewlocale=ja_JP"
},
{
"title": "AppleTV3,2_7.0_12A365b_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51554"
},
{
"title": "iPhone7,2_8.0_12A365_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51553"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-626"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72319"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/69882"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/69921"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6441"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6442"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6443"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1030866"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96080"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4379"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93868849/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4379"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/appletv/features.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4378"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4379"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4377"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4381"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4376"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4350"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
},
{
"trust": 0.1,
"url": "http://www.vsecurity.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht6367"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4380"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4404"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4373"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4375"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4371"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72319"
},
{
"db": "BID",
"id": "69921"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128299"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-626"
},
{
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72319"
},
{
"db": "BID",
"id": "69921"
},
{
"db": "BID",
"id": "69882"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "128299"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-626"
},
{
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-72319"
},
{
"date": "2014-09-17T00:00:00",
"db": "BID",
"id": "69921"
},
{
"date": "2014-09-17T00:00:00",
"db": "BID",
"id": "69882"
},
{
"date": "2014-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"date": "2014-09-19T15:26:13",
"db": "PACKETSTORM",
"id": "128315"
},
{
"date": "2014-09-17T22:29:54",
"db": "PACKETSTORM",
"id": "128299"
},
{
"date": "2014-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-626"
},
{
"date": "2014-09-18T10:55:09.470000",
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-72319"
},
{
"date": "2014-09-17T00:00:00",
"db": "BID",
"id": "69921"
},
{
"date": "2014-09-23T00:01:00",
"db": "BID",
"id": "69882"
},
{
"date": "2014-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004309"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-626"
},
{
"date": "2024-11-21T02:10:04.920000",
"db": "NVD",
"id": "CVE-2014-4379"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "69921"
},
{
"db": "BID",
"id": "69882"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Unspecified product IOHIDFamily Vulnerabilities that capture important information on functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004309"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-626"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.