← Back

CVE-2014-1272

nvd nist
Published: Mar 14, 2014Modified: May 6, 2026

JSON object

Loading...
6.3
Vector
AV:L/AC:M/Au:N/C:N/I:C/A:C
Exploitability: 3.4 / Impact: 9.2
Source: NVD

Description

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.

Affected (10)

Products: Apple: Tvos, Iphone Os
Apple
2 products
Tvos
Iphone Os
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Tvos
Up to 6.0.2
Tvos
Version 6.0.1
Tvos
Version 6.0
Configuration B
7 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Iphone Os
Up to 7.0.6
Iphone Os
Version 7.0.1
Iphone Os
Version 7.0.2
Iphone Os
Version 7.0.3
Iphone Os
Version 7.0.4
Iphone Os
Version 7.0.5
Iphone Os
Version 7.0

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.