Vulnerability Details : CVE-2014-4381
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
Vulnerability category: OverflowExecute code
Products affected by CVE-2014-4381
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4381
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4381
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2014-4381
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4381
-
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
-
http://secunia.com/advisories/61318
Sign in
-
http://support.apple.com/kb/HT6441
About the security content of iOS 8 - Apple Support
-
http://support.apple.com/kb/HT6443
About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple SupportVendor Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
-
http://support.apple.com/kb/HT6442
About the security content of Apple TV 7 - Apple Support
-
http://www.securitytracker.com/id/1030866
Apple iOS Multiple Bugs Let Remote Users Obtain Information and Execute Arbitrary Code andLocal Users Gain Elevated Privileges and Deny Service - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96083
Apple iOS and Apple TV code execution CVE-2014-4381 Vulnerability Report
-
http://www.securityfocus.com/bid/69882
RETIRED: Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities
-
http://www.securityfocus.com/bid/69931
Apple TV/Mac OS X/iOS CVE-2014-4381 Arbitrary Code Execution Vulnerability
Jump to