Vulnerabilities > CVE-2014-4404 - Out-of-bounds Write vulnerability in Apple Iphone OS and mac OS X
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Mac OS X IOKit Keyboard Driver Root Privilege Escalation. CVE-2014-4404. Local exploit for osx platform |
| id | EDB-ID:35440 |
| last seen | 2016-02-04 |
| modified | 2014-12-02 |
| published | 2014-12-02 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/35440/ |
| title | Mac OS X - IOKit Keyboard Driver Root Privilege Escalation |
Metasploit
| description | A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was patched silently in Yosemite. |
| id | MSF:EXPLOIT/OSX/LOCAL/IOKIT_KEYBOARD_ROOT |
| last seen | 2020-05-28 |
| modified | 2018-05-31 |
| published | 2014-11-25 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/local/iokit_keyboard_root.rb |
| title | Mac OS X IOKit Keyboard Driver Root Privilege Escalation |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_10_10.NASL description The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Dock - fdesetup - iCloud Find My Mac - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - LaunchServices - LoginWindow - Mail - MCX Desktop Config Profiles - NetFS Client Framework - QuickTime - Safari - Secure Transport - Security - Security - Code Signing Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 78550 published 2014-10-17 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78550 title Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-004.NASL description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82700 published 2015-04-10 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82700 title Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) NASL family Misc. NASL id APPLETV_7_0.NASL description According to its banner, the remote Apple TV device is a version prior to 7. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 77822 published 2014-09-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77822 title Apple TV < 7 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_3.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 82699 published 2015-04-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82699 title Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/129344/iokit_keyboard_root.rb.txt |
| id | PACKETSTORM:129344 |
| last seen | 2016-12-05 |
| published | 2014-12-02 |
| reporter | joev |
| source | https://packetstormsecurity.com/files/129344/Mac-OS-X-IOKit-Keyboard-Driver-Root-Privilege-Escalation.html |
| title | Mac OS X IOKit Keyboard Driver Root Privilege Escalation |
References
- http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
- http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
- https://support.apple.com/kb/HT6535
- https://support.apple.com/HT204659
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://www.securitytracker.com/id/1030866
- http://www.securityfocus.com/bid/69947
- http://www.securityfocus.com/bid/69882
- http://support.apple.com/kb/HT6442
- http://support.apple.com/kb/HT6441
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96111