Apple: >> Iphone Os >> 1.1.4 Security Vulnerabilities
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
CVSS Score
4.3
EPSS Score
0.006
Published
2014-09-18
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
CVSS Score
1.9
EPSS Score
0.0
Published
2014-09-18
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access.
CVSS Score
1.9
EPSS Score
0.0
Published
2014-09-18
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
CVSS Score
7.8
EPSS Score
0.005
Published
2014-09-18
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
CVSS Score
9.3
EPSS Score
0.017
Published
2014-09-18
CVE-2014-4404
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
Known exploited
CVSS Score
7.8
EPSS Score
0.62
Published
2014-09-18
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
CVSS Score
9.3
EPSS Score
0.018
Published
2014-09-18
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
CVSS Score
3.3
EPSS Score
0.002
Published
2014-09-18
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
CVSS Score
6.9
EPSS Score
0.0
Published
2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
CVSS Score
2.1
EPSS Score
0.0
Published
2014-09-18