CVE-2014-4461CVE-2014-4461

Affected configuration(s):

cpe:/a:apple:apple_tv:6.0
cpe:/a:apple:apple_tv:6.0.1
cpe:/a:apple:apple_tv:6.0.2
cpe:/a:apple:apple_tv:6.1
cpe:/a:apple:apple_tv:6.1.1
cpe:/a:apple:apple_tv:6.1.2
cpe:/a:apple:apple_tv:6.2
cpe:/a:apple:apple_tv:6.2.1
cpe:/a:apple:apple_tv:7.0
cpe:/a:apple:apple_tv:7.0.1
cpe:/o:apple:iphone_os:8.0
cpe:/o:apple:iphone_os:8.0.1
cpe:/o:apple:iphone_os:8.0.2
cpe:/o:apple:iphone_os:8.1
cpe:/o:apple:mac_os_x:10.8.5
cpe:/o:apple:mac_os_x:10.9.5
cpe:/o:apple:mac_os_x:10.10.0
cpe:/o:apple:mac_os_x:10.10.1

Date published: 2014-11-18T06:59:08.747-05:00

Date last modified: 2017-08-28T21:35:04.047-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html

Summary: The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.