Vulnerabilities > CVE-2014-4404 - Out-of-bounds Write vulnerability in Apple Iphone OS and mac OS X

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
apple
CWE-787
nessus
exploit available
metasploit

Summary

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.

Vulnerable Configurations

Part Description Count
OS
Apple
251

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMac OS X IOKit Keyboard Driver Root Privilege Escalation. CVE-2014-4404. Local exploit for osx platform
idEDB-ID:35440
last seen2016-02-04
modified2014-12-02
published2014-12-02
reportermetasploit
sourcehttps://www.exploit-db.com/download/35440/
titleMac OS X - IOKit Keyboard Driver Root Privilege Escalation

Metasploit

descriptionA heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was patched silently in Yosemite.
idMSF:EXPLOIT/OSX/LOCAL/IOKIT_KEYBOARD_ROOT
last seen2020-05-28
modified2018-05-31
published2014-11-25
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/local/iokit_keyboard_root.rb
titleMac OS X IOKit Keyboard Driver Root Privilege Escalation

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10.NASL
    descriptionThe remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Dock - fdesetup - iCloud Find My Mac - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - LaunchServices - LoginWindow - Mail - MCX Desktop Config Profiles - NetFS Client Framework - QuickTime - Safari - Secure Transport - Security - Security - Code Signing Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id78550
    published2014-10-17
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78550
    titleMac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - FontParser - Graphics Driver - ImageIO - IOHIDFamily - Kernel - LaunchServices - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - Security - Code SIgning - UniformTypeIdentifiers Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82700
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82700
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
  • NASL familyMisc.
    NASL idAPPLETV_7_0.NASL
    descriptionAccording to its banner, the remote Apple TV device is a version prior to 7. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id77822
    published2014-09-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77822
    titleApple TV < 7 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - Apache - ATS - Certificate Trust Policy - CFNetwork HTTPProtocol - CFNetwork Session - CFURL - CoreAnimation - FontParser - Graphics Driver - Hypervisor - ImageIO - IOHIDFamily - Kernel - LaunchServices - libnetcore - ntp - Open Directory Client - OpenLDAP - OpenSSL - PHP - QuickLook - SceneKit - ScreenSharing - Security - Code SIgning - UniformTypeIdentifiers - WebKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id82699
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82699
    titleMac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/129344/iokit_keyboard_root.rb.txt
idPACKETSTORM:129344
last seen2016-12-05
published2014-12-02
reporterjoev
sourcehttps://packetstormsecurity.com/files/129344/Mac-OS-X-IOKit-Keyboard-Driver-Root-Privilege-Escalation.html
titleMac OS X IOKit Keyboard Driver Root Privilege Escalation