9.3
CVE-2014-4461
- EPSS 3.4%
- Veröffentlicht 18.11.2014 11:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.4% | 0.873 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://support.apple.com/HT204244
http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html
https://support.apple.com/en-us/HT204418
https://support.apple.com/en-us/HT6590
http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html
http://www.securitytracker.com/id/1031231
https://support.apple.com/en-us/HT204420
https://support.apple.com/en-us/HT6592
http://www.securityfocus.com/bid/71136
https://exchange.xforce.ibmcloud.com/vulnerabilities/98774