CVE-2014-4461 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2014-4461?

CVE-2014-4461 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4461?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Tvos.

Vulnerability Description

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	<= 8.1
Apple	Mac Os X	<= 10.10.1
Apple	Tvos	<= 7.0.1

Related Weaknesses (CWE)

CWE-20

References

http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.htmlVendor Advisory
http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.htmlVendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlVendor Advisory
http://support.apple.com/HT204244Vendor Advisory
http://www.securityfocus.com/bid/71136
http://www.securitytracker.com/id/1031231
https://exchange.xforce.ibmcloud.com/vulnerabilities/98774
https://support.apple.com/en-us/HT204418
https://support.apple.com/en-us/HT204420
https://support.apple.com/en-us/HT6590Vendor Advisory
https://support.apple.com/en-us/HT6592
http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.htmlVendor Advisory
http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.htmlVendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlVendor Advisory
http://support.apple.com/HT204244Vendor Advisory

FAQ

What is CVE-2014-4461?

CVE-2014-4461 is a vulnerability with a CVSS score of 9.3 (HIGH). The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context vi...

How severe is CVE-2014-4461?

CVE-2014-4461 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4461?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Tvos.