CVE-2014-4423

Published: Sep 18, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.

Affected (10)

Products: Apple: Iphone Os

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 7.1.2
Apple Iphone Os	Version 7.0.1
Apple Iphone Os	Version 7.0.2
Apple Iphone Os	Version 7.0.3
Apple Iphone Os	Version 7.0.4
Apple Iphone Os	Version 7.0.5
Apple Iphone Os	Version 7.0.6
Apple Iphone Os	Version 7.0
Apple Iphone Os	Version 7.1.1
Apple Iphone Os	Version 7.1

Related CWEs

References (12)

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: product-security@apple.com

http://support.apple.com/kb/HT6441

Source: product-security@apple.com

http://www.securityfocus.com/bid/69882

Source: product-security@apple.com

http://www.securityfocus.com/bid/69917

Source: product-security@apple.com

http://www.securitytracker.com/id/1030866

Source: product-security@apple.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/96099

Source: product-security@apple.com

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT6441

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69882

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69917

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030866

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/96099

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.