Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-4496

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-4496
Last Modified 12 Mar 2015 09:59:16
Published 30 Jan 2015 06:59:25
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-4496

Summary

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

Vulnerable Systems

Operating System

  • Apple Iphone Os 8.1.2

Application

  • Apple Tv 7.0.2


References

CONFIRM - http://support.apple.com/HT204246

CONFIRM - http://support.apple.com/HT204245

APPLE - APPLE-SA-2015-01-27-2

APPLE - APPLE-SA-2015-01-27-1

SECTRACK - 1031652

CONFIRM - https://support.apple.com/HT204413

APPLE - APPLE-SA-2015-03-09-3

Related Patches

Apple 2015-002 Security Update for Mac OS X 10.10.2 (HT204413)

Apple 2015-002 Security Update for Mac OS X 10.10.2 (Early 2015 Mac) (HT204413) (Rev 2)


Last Updated: 27 May 2016 11:08:04