CVE-2014-4452 — MEDIUM (5.4)

Q: How severe is CVE-2014-4452?

CVE-2014-4452 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4452?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Tvos, Apple Iphone Os, Apple Safari, Apple Itunes.

Vulnerability Description

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

CVSS Score

5.4

MEDIUM

AV:A/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Tvos	>= 6.0, < 7.0.2
Apple	Iphone Os	>= 8.0, < 8.1.1
Apple	Safari	>= 6.0, < 6.2.1
Apple	Itunes	< 12.2

Related Weaknesses (CWE)

CWE-399

References

http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.htmlMailing ListPatchVendor Advisory
http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.htmlMailing ListPatchVendor Advisory
http://secunia.com/advisories/62504Third Party Advisory
http://secunia.com/advisories/62505Third Party Advisory
http://support.apple.com/kb/HT6596Vendor Advisory
http://www.securityfocus.com/bid/71137Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1031231Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98771Third Party AdvisoryVDB Entry
https://support.apple.com/en-us/HT204418Vendor Advisory
https://support.apple.com/en-us/HT204420Vendor Advisory
https://support.apple.com/en-us/HT6590Vendor Advisory
https://support.apple.com/en-us/HT6592Vendor Advisory
https://support.apple.com/kb/HT204949Vendor Advisory

FAQ

What is CVE-2014-4452?

CVE-2014-4452 is a vulnerability with a CVSS score of 5.4 (MEDIUM). WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craf...

How severe is CVE-2014-4452?

CVE-2014-4452 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4452?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Tvos, Apple Iphone Os, Apple Safari, Apple Itunes.