Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2014-4404

Published: 18/09/2014 Updated: 08/03/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Mac Os X

Vulnerability Summary

Heap-based buffer overflow in IOHIDFamily in Apple iOS prior to 8 and Apple TV prior to 7 allows malicious users to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x

apple tvos 6.1.2

apple tvos 6.1.1

apple tvos 6.1

apple tvos 6.0.2

apple tvos 6.0.1

apple tvos 6.0

apple tvos

apple iphone os 7.0.5

apple iphone os 7.0.4

apple iphone os 7.0.3

apple iphone os 7.0.2

apple iphone os 7.0.1

apple iphone os 7.0

apple iphone os 7.1.1

apple iphone os 7.0.6

apple iphone os 7.1

apple iphone os

Exploits

Exploit DB: Apple Mac OSX - IOKit Keyboard Driver Privilege Escalation (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = ManualRanking # Can cause kernel crash include Msf::Post::File include Msf::Exploit::EXE include Msf::Exploit::FileDrop ...
Exploit DB: Mac OS X IOKit Keyboard Driver Root Privilege Escalation
A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 1010 By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass Tested on Mavericks 1095, and should work on previous versions The issue has been patched silently in Yosemite ...

References

CWE-119http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-09/0107.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlhttps://support.apple.com/kb/HT6535https://support.apple.com/HT204659http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://www.securitytracker.com/id/1030866http://www.securityfocus.com/bid/69947http://www.securityfocus.com/bid/69882http://support.apple.com/kb/HT6442http://support.apple.com/kb/HT6441https://exchange.xforce.ibmcloud.com/vulnerabilities/96111https://nvd.nist.govhttps://www.exploit-db.com/exploits/35440/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook