CVE-2014-4467

Published: Jan 30, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

Affected (1)

Products: Apple: Iphone Os

Apple

1 product

Iphone Os

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 8.1.2

Related CWEs

CWE-17

References (4)

http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/HT204245

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/HT204245

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.