CVE-2014-8840
- EPSS 2.24%
- Veröffentlicht 30.01.2015 11:59:49
- Zuletzt bearbeitet 06.05.2026 22:30:45
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
- EPSS 1.82%
- Veröffentlicht 30.01.2015 11:59:25
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism ...
- EPSS 2.94%
- Veröffentlicht 30.01.2015 11:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restric...
CVE-2014-4494
- EPSS 0.9%
- Veröffentlicht 30.01.2015 11:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterp...
CVE-2014-4493
- EPSS 1.01%
- Veröffentlicht 30.01.2015 11:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
CVE-2014-4492
- EPSS 19.73%
- Veröffentlicht 30.01.2015 11:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC mes...
- EPSS 3.24%
- Veröffentlicht 30.01.2015 11:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer...
- EPSS 1.7%
- Veröffentlicht 30.01.2015 11:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass ...
- EPSS 3.24%
- Veröffentlicht 30.01.2015 11:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
- EPSS 3.68%
- Veröffentlicht 30.01.2015 11:59:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.