CVE-2014-4388

Published: Sep 18, 2014Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.

Affected (18)

Products: Apple: Mac Os X, Iphone Os, Tvos

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.9.5

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 7.1.2
Apple Iphone Os	Version 7.0.1
Apple Iphone Os	Version 7.0.2
Apple Iphone Os	Version 7.0.3
Apple Iphone Os	Version 7.0.4
Apple Iphone Os	Version 7.0.5
Apple Iphone Os	Version 7.0.6
Apple Iphone Os	Version 7.0
Apple Iphone Os	Version 7.1.1
Apple Iphone Os	Version 7.1

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Apple Tvos	Up to 6.2
Apple Tvos	Version 6.0.1
Apple Tvos	Version 6.0.2
Apple Tvos	Version 6.0
Apple Tvos	Version 6.1.1
Apple Tvos	Version 6.1.2
Apple Tvos	Version 6.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: product-security@apple.com

http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html

Source: product-security@apple.com

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

Source: product-security@apple.com

http://support.apple.com/kb/HT6441

Source: product-security@apple.com

http://support.apple.com/kb/HT6442

Source: product-security@apple.com

http://support.apple.com/kb/HT6443

Source: product-security@apple.com

Vendor Advisory

http://www.securityfocus.com/bid/69882

Source: product-security@apple.com

http://www.securityfocus.com/bid/69948

Source: product-security@apple.com

http://www.securitytracker.com/id/1030866

Source: product-security@apple.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/96093

Source: product-security@apple.com

https://support.apple.com/kb/HT6535

Source: product-security@apple.com

Vendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6441

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6442

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6443

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/69882

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69948

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030866

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/96093

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT6535

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.