CVE-2014-4407

Published: Sep 18, 2014Modified: May 6, 2026

3.3

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.

Affected (18)

Products: Apple: Tvos, Iphone Os, Mac Os X

3 products

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Apple Tvos	Up to 6.2
Apple Tvos	Version 6.0.1
Apple Tvos	Version 6.0.2
Apple Tvos	Version 6.0
Apple Tvos	Version 6.1.1
Apple Tvos	Version 6.1.2
Apple Tvos	Version 6.1

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 7.1.2
Apple Iphone Os	Version 7.0.1
Apple Iphone Os	Version 7.0.2
Apple Iphone Os	Version 7.0.3
Apple Iphone Os	Version 7.0.4
Apple Iphone Os	Version 7.0.5
Apple Iphone Os	Version 7.0.6
Apple Iphone Os	Version 7.0
Apple Iphone Os	Version 7.1.1
Apple Iphone Os	Version 7.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.9.5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (20)

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: product-security@apple.com

http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html

Source: product-security@apple.com

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

Source: product-security@apple.com

http://support.apple.com/kb/HT6441

Source: product-security@apple.com

http://support.apple.com/kb/HT6442

Source: product-security@apple.com

http://www.securityfocus.com/bid/69882

Source: product-security@apple.com

http://www.securityfocus.com/bid/69912

Source: product-security@apple.com

http://www.securitytracker.com/id/1030866

Source: product-security@apple.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/96078

Source: product-security@apple.com

https://support.apple.com/kb/HT6535

Source: product-security@apple.com

Vendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6441

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6442

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69882

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69912

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030866

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/96078

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT6535

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.