CVE-2014-1358 : Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4,

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

Published 2014-07-01 10:17:27

Updated 2025-04-12 10:46:41

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2014-1358

Apple » Mac Os X » Version: 10.9.1
cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.9
cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.9.2
cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.9.3
cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions up to, including, (<=) 7.1.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0
cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.1
cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.2
cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.4
cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.3
cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.5
cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.6
cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.1
cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions up to, including, (<=) 6.1.1
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.0.1
cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.0
cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.1
cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.0.2
cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-1358

Top countries where our scanners detected CVE-2014-1358

Top open port discovered on systems with this issue 548

IPs affected by CVE-2014-1358 110

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-1358!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-1358

EPSS FAQ

1.90%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1358

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2014-1358

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1358

http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html

CVEs referencing this url
http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html

CVEs referencing this url
http://support.apple.com/kb/HT6296

About the security content of OS X Mavericks v10.9.4 and Security Update 2014-003 - Apple Support
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/59475

Sign in

CVEs referencing this url
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html

CVEs referencing this url
http://www.securitytracker.com/id/1030500

Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Let Local Applications Gain Elevated Privileges - SecurityTracker

CVEs referencing this url