Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-4494

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-4494
Last Modified 18 Feb 2015 09:59:21
Published 30 Jan 2015 06:59:23
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-4494

Summary

Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

Vulnerable Systems

Operating System

  • Apple Iphone Os 8.1.2


References

CONFIRM - http://support.apple.com/HT204245

APPLE - APPLE-SA-2015-01-27-2

SECTRACK - 1031652


Last Updated: 27 May 2016 11:07:39