Vulnerabilities > CVE-2014-4421 - Security vulnerability in Apple Iphone OS, mac OS X and Tvos

047910
CVSS 1.9 - LOW
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
apple
nessus

Summary

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. <a href="http://cwe.mitre.org/data/definitions/824.html" target="_blank">CWE-665: Improper Initialization</a>

Vulnerable Configurations

Part Description Count
OS
Apple
243

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10.NASL
    descriptionThe remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Dock - fdesetup - iCloud Find My Mac - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - LaunchServices - LoginWindow - Mail - MCX Desktop Config Profiles - NetFS Client Framework - QuickTime - Safari - Secure Transport - Security - Security - Code Signing Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id78550
    published2014-10-17
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78550
    titleMac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components : - bash - Bluetooth - CFNetwork Cache - CommerceKit Framework - CoreGraphics - CoreSymbolication - CPU Software - FontParser - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - IOUSBFamily - Kernel - LaunchServices - libnetcore - LoginWindow - lukemftp - OpenSSL - Safari - SceneKit - Security - security_taskgate - Spotlight - SpotlightIndex - sysmond - UserAccountUpdater Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id81087
    published2015-01-29
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81087
    titleMac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)
  • NASL familyMisc.
    NASL idAPPLETV_7_0.NASL
    descriptionAccording to its banner, the remote Apple TV device is a version prior to 7. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id77822
    published2014-09-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77822
    titleApple TV < 7 Multiple Vulnerabilities