Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-4496

Published: 30/01/2015 Updated: 08/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Apple

Vulnerability Summary

The mach_port_kobject interface in the kernel in Apple iOS prior to 8.1.3 and Apple TV prior to 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for malicious users to bypass the ASLR protection mechanism via a crafted app.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple tvos

Recent Articles

Apple slips out security patches while world goes gaga over watches
The Register • Shaun Nichols in San Francisco • 10 Mar 2015

Remote-code exec in iOS, OS X iCloud, plus FREAK fix

While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers. Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws. Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last week by researchers, the flaw allows an eavesdropper to intercept connections to HTTPS websites and downgrade the strength of the encryption, allowing miscreants to crack...

Read more...

References

CWE-264http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.htmlhttp://support.apple.com/HT204246http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.htmlhttp://support.apple.com/HT204245http://www.securitytracker.com/id/1031652http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.htmlhttps://support.apple.com/HT204413http://www.securityfocus.com/bid/72334https://nvd.nist.govhttps://www.theregister.co.uk/2015/03/10/apple_ios_os_x_security_patches/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook