CVE-2014-4462 : WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remo

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.

Published 2014-11-18 11:59:10

Updated 2025-04-12 10:46:41

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2014-4462

Apple » Iphone Os
Versions up to, including, (<=) 8.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 8.0.2
cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 8.0.1
cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 8.0
cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions up to, including, (<=) 7.0.1
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.0.1
cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.0
cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.1
cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.0.2
cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.1.1
cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.1.2
cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.2
cpe:2.3:o:apple:tvos:6.2:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 7.0
cpe:2.3:o:apple:tvos:7.0:*:*:*:*:*:*:*
Matching versions
Apple » Tvos » Version: 6.2.1
cpe:2.3:o:apple:tvos:6.2.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-4462

EPSS FAQ

1.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-4462

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-4462

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-4462

http://secunia.com/advisories/62505

Sign in

CVEs referencing this url
https://support.apple.com/en-us/HT204418

About the security content of iOS 8.1.1 - Apple Support

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/98772

Apple TV WebKit code execution CVE-2014-4462 Vulnerability Report
https://support.apple.com/en-us/HT6590

About the security content of iOS 8.1.1 - Apple Support

CVEs referencing this url
https://support.apple.com/en-us/HT6592

About the security content of Apple TV 7.0.2 - Apple Support

CVEs referencing this url
http://www.securityfocus.com/bid/71142

WebKit CVE-2014-4462 Unspecified Memory Corruption Vulnerability
http://secunia.com/advisories/62504

Sign in

CVEs referencing this url
http://www.securitytracker.com/id/1031231

Apple TV Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-4462

Products affected by CVE-2014-4462

Exploit prediction scoring system (EPSS) score for CVE-2014-4462

CVSS scores for CVE-2014-4462

CWE ids for CVE-2014-4462

References for CVE-2014-4462