var-201501-0618
Vulnerability from variot
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Multiple Apple products are prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect AppleFileConduit, Kernel, and WebKit components. Attackers can exploit these issues to bypass security restrictions, disclose information, and perform other attacks. Both Apple iOS and Apple TV are products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product. The vulnerability stems from the fact that the program does not correctly limit the kernel-address and heap-permutation information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-03-09-3 Security Update 2015-002
Security Update 2015-002 is now available and addresses the following:
iCloud Keychain Available for: OS X Yosemite v10.10.2 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1065 : Andrey Belenko of NowSecure
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An off by one issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1066 : Ian Beer of Google Project Zero
IOSurface Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero
Kernel Available for: OS X Yosemite v10.10.2 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations. CVE-ID CVE-2014-4496 : TaiG Jailbreak Team
Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris
Security Update 2015-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fmlAAoJEBcWfLTuOo7tiDQP/2pmrat21oSpVVCytKMELXhx QJ3IERRNcNOI/toYqEei7WH8XeiIBo2Eq2IRrxuNPqILEDJDzv47UfmyN9jwfgoo R73nGHR1NwbhlvB6ckfSRqb0uLGmT3Gs+fSQSEVzlWJfrUjqwWEQwZIZubEKW4DK F9PoKormSyciv+g0Aw0A4WvFTfAeM3qUcq3I6bIqSM76tUhzuq63TOz5e6KGoAvp VHm34OvVU/vt0YLvi3kw5mbxisYfJPyrfTzSRdD7ATvsPc8LGWP4tG46cKy6lBVe 7T7T5lb0ApRl7JEvy37KZCMvvd+OQr2YZA8HE06FrfGw8QvoQSKaHVMxib7shq1i but+lmTi7SUO3OY/5CqpJlSYUdaS3wTTEF6VuI3tsdHsGNNH1zync2+UmSKpIzyR TxbGyyozbdZ+R83ULE0jar9BsDFQR9VSNiNqDB89Y3Rx6rcePFXlQ1W2J7/yhS+N kYrlbNLeZdPFHfVKS+rl/spbEkOi+jp/W2NoBTRGwOU6eED5/YE6WN6podZZKW9b I3NWRzFnxtpk9Y/UldV1iPlZJQzTf8smP7dUZcweCDrFQg8QLhETENG0f4r2/30u i6DSLoFrdFE1Z1+mF3SG9++9f+PSvOXqt7iRrYJMyoPWbKtb9gxIOs8mK5T/D+vu TJDXCjMND7F2ZJFRim/F =7PU8 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0618",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.2"
},
{
"model": "tv",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.0.3 (apple tv first 3 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.1.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.1.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.1.3 (ipod touch first 5 after generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "72334"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-753"
},
{
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TaiG Jailbreak Team and Rennie deGraaf of iSEC Partners",
"sources": [
{
"db": "BID",
"id": "72334"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-4496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-72436",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4496",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4496",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-753",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72436",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72436"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-753"
},
{
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Multiple Apple products are prone to multiple security vulnerabilities. \nThe update addresses new vulnerabilities that affect AppleFileConduit, Kernel, and WebKit components. \nAttackers can exploit these issues to bypass security restrictions, disclose information, and perform other attacks. Both Apple iOS and Apple TV are products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product. The vulnerability stems from the fact that the program does not correctly limit the kernel-address and heap-permutation information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-03-09-3 Security Update 2015-002\n\nSecurity Update 2015-002 is now available and addresses the\nfollowing:\n\niCloud Keychain\nAvailable for: OS X Yosemite v10.10.2\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: Multiple buffer overflows existed in the handling of\ndata during iCloud Keychain recovery. These issues were addressed\nthrough improved bounds checking. \nCVE-ID\nCVE-2015-1065 : Andrey Belenko of NowSecure\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An off by one issue existed in IOAcceleratorFamily. \nThis issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2015-1066 : Ian Beer of Google Project Zero\n\nIOSurface\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A type confusion issue existed in IOSurface\u0027s handling\nof serialized objects. The issue was addressed through additional\ntype checking. \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Yosemite v10.10.2\nImpact: Maliciously crafted or compromised applications may be able\nto determine addresses in the kernel\nDescription: The mach_port_kobject kernel interface leaked kernel\naddresses and heap permutation value, which may aid in bypassing\naddress space layout randomization protection. This was addressed by\ndisabling the mach_port_kobject interface in production\nconfigurations. \nCVE-ID\nCVE-2014-4496 : TaiG Jailbreak Team\n\nSecure Transport\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: Secure Transport accepted short ephemeral RSA keys,\nusually used only in export-strength RSA cipher suites, on\nconnections using full-strength RSA cipher suites. This issue, also\nknown as FREAK, only affected connections to servers which support\nexport-strength RSA cipher suites, and was addressed by removing\nsupport for ephemeral RSA keys. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\n\nSecurity Update 2015-002 may be obtained from the Mac App Store\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJU/fmlAAoJEBcWfLTuOo7tiDQP/2pmrat21oSpVVCytKMELXhx\nQJ3IERRNcNOI/toYqEei7WH8XeiIBo2Eq2IRrxuNPqILEDJDzv47UfmyN9jwfgoo\nR73nGHR1NwbhlvB6ckfSRqb0uLGmT3Gs+fSQSEVzlWJfrUjqwWEQwZIZubEKW4DK\nF9PoKormSyciv+g0Aw0A4WvFTfAeM3qUcq3I6bIqSM76tUhzuq63TOz5e6KGoAvp\nVHm34OvVU/vt0YLvi3kw5mbxisYfJPyrfTzSRdD7ATvsPc8LGWP4tG46cKy6lBVe\n7T7T5lb0ApRl7JEvy37KZCMvvd+OQr2YZA8HE06FrfGw8QvoQSKaHVMxib7shq1i\nbut+lmTi7SUO3OY/5CqpJlSYUdaS3wTTEF6VuI3tsdHsGNNH1zync2+UmSKpIzyR\nTxbGyyozbdZ+R83ULE0jar9BsDFQR9VSNiNqDB89Y3Rx6rcePFXlQ1W2J7/yhS+N\nkYrlbNLeZdPFHfVKS+rl/spbEkOi+jp/W2NoBTRGwOU6eED5/YE6WN6podZZKW9b\nI3NWRzFnxtpk9Y/UldV1iPlZJQzTf8smP7dUZcweCDrFQg8QLhETENG0f4r2/30u\ni6DSLoFrdFE1Z1+mF3SG9++9f+PSvOXqt7iRrYJMyoPWbKtb9gxIOs8mK5T/D+vu\nTJDXCjMND7F2ZJFRim/F\n=7PU8\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4496"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"db": "BID",
"id": "72334"
},
{
"db": "VULHUB",
"id": "VHN-72436"
},
{
"db": "PACKETSTORM",
"id": "130743"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4496",
"trust": 2.9
},
{
"db": "BID",
"id": "72334",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1031652",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU90171154",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96447236",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-753",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "130743",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72436",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72436"
},
{
"db": "BID",
"id": "72334"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"db": "PACKETSTORM",
"id": "130743"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-753"
},
{
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"id": "VAR-201501-0618",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72436"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:38:11.456000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-01-27-2 iOS 8.1.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"title": "APPLE-SA-2015-01-27-1 Apple TV 7.0.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"title": "APPLE-SA-2015-03-09-3 Security Update 2015-002",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"title": "HT204245",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204245"
},
{
"title": "HT204246",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204246"
},
{
"title": "HT204413",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT204413"
},
{
"title": "HT204245",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204245"
},
{
"title": "HT204246",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204246"
},
{
"title": "HT204413",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204413"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72436"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72334"
},
{
"trust": 1.7,
"url": "http://support.apple.com/ht204245"
},
{
"trust": 1.7,
"url": "http://support.apple.com/ht204246"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht204413"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1031652"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4496"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96447236/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90171154/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4496"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/in/appletv/"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht1222?viewlocale=en_us"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1066"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4496"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1067"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1061"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72436"
},
{
"db": "BID",
"id": "72334"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"db": "PACKETSTORM",
"id": "130743"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-753"
},
{
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72436"
},
{
"db": "BID",
"id": "72334"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"db": "PACKETSTORM",
"id": "130743"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-753"
},
{
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-72436"
},
{
"date": "2015-01-27T00:00:00",
"db": "BID",
"id": "72334"
},
{
"date": "2015-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"date": "2015-03-10T16:20:32",
"db": "PACKETSTORM",
"id": "130743"
},
{
"date": "2015-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-753"
},
{
"date": "2015-01-30T11:59:25.297000",
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-72436"
},
{
"date": "2016-01-12T02:16:00",
"db": "BID",
"id": "72334"
},
{
"date": "2015-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001287"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-753"
},
{
"date": "2024-11-21T02:10:18.447000",
"db": "NVD",
"id": "CVE-2014-4496"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-753"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and Apple TV Of the kernel mach_port_kobject In the interface ASLR Vulnerabilities that circumvent protection mechanisms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001287"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-753"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…