Vulnerability Description
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 8.0.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70660
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97666
- https://support.apple.com/kb/HT6541Vendor Advisory
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70660
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97666
- https://support.apple.com/kb/HT6541Vendor Advisory
FAQ
What is CVE-2014-4450?
CVE-2014-4450 is a vulnerability with a CVSS score of 1.9 (LOW). The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover...
How severe is CVE-2014-4450?
CVE-2014-4450 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4450?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.