CVE Vulnerabilities

CVE-2014-4492

Published: Jan 30, 2015 | Modified: Mar 08, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple * 10.10.1
Iphone_os Apple * 8.1.2
Tvos Apple * 7.0.1

References