Vulnerabilities > CVE-2014-4466 - Resource Management Errors vulnerability in Apple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id ITUNES_12_2_0.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 84504 published 2015-07-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84504 title Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84504); script_version("1.8"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2014-3192", "CVE-2014-4452", "CVE-2014-4459", "CVE-2014-4466", "CVE-2014-4468", "CVE-2014-4469", "CVE-2014-4470", "CVE-2014-4471", "CVE-2014-4472", "CVE-2014-4473", "CVE-2014-4474", "CVE-2014-4475", "CVE-2014-4476", "CVE-2014-4477", "CVE-2014-4479", "CVE-2015-1068", "CVE-2015-1069", "CVE-2015-1070", "CVE-2015-1071", "CVE-2015-1072", "CVE-2015-1073", "CVE-2015-1074", "CVE-2015-1075", "CVE-2015-1076", "CVE-2015-1077", "CVE-2015-1078", "CVE-2015-1079", "CVE-2015-1080", "CVE-2015-1081", "CVE-2015-1082", "CVE-2015-1083", "CVE-2015-1119", "CVE-2015-1120", "CVE-2015-1121", "CVE-2015-1122", "CVE-2015-1124", "CVE-2015-1152", "CVE-2015-1153", "CVE-2015-1154" ); script_bugtraq_id( 70273, 71137, 71144, 71438, 71442, 71444, 71445, 71449, 71451, 71459, 71461, 71462, 72329, 72330, 72331, 73972, 74523, 74525, 74526 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6"); script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)"); script_summary(english:"Checks the version of iTunes on Windows."); script_set_attribute(attribute:"synopsis", value: "The remote host contains an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949"); # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple iTunes 12.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("itunes_detect.nasl"); script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); # Ensure this is Windows get_kb_item_or_exit("SMB/Registry/Enumerated"); app_id = 'iTunes Version'; install = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE); version = install["version"]; path = install["path"]; fixed_version = "12.2.0.145"; if (ver_compare(ver:version, fix:fixed_version) < 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI8_0_2.NASL description The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit : - An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465) - A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748) - Multiple memory corruption issues exist that can lead to an unexpected application crash or potential arbitrary code execution by means of malicious website content. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475) Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release. last seen 2020-06-01 modified 2020-06-02 plugin id 80055 published 2014-12-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80055 title Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80055); script_version("1.5"); script_cvs_date("Date: 2019/11/25"); script_cve_id( "CVE-2014-1748", "CVE-2014-4465", "CVE-2014-4466", "CVE-2014-4468", "CVE-2014-4469", "CVE-2014-4470", "CVE-2014-4471", "CVE-2014-4472", "CVE-2014-4473", "CVE-2014-4474", "CVE-2014-4475" ); script_bugtraq_id( 71438, 71439, 71442, 71444, 71445, 71449, 71451, 71459, 71461, 71462, 71464 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-12-3-1"); script_name(english:"Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities"); script_summary(english:"Checks the Safari version."); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit : - An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465) - A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748) - Multiple memory corruption issues exist that can lead to an unexpected application crash or potential arbitrary code execution by means of malicious website content. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475) Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release."); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT1222"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/534148"); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT6597"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple Safari 6.2.2 / 7.1.2 / 8.0.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/02"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_Safari31.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (!ereg(pattern:"Mac OS X 10\.([89]|10)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.8 / 10.9 / 10.10"); get_kb_item_or_exit("MacOSX/Safari/Installed"); path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1); version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1); # Even though the fixes that the recent # patches replace are no longer availabe, # the older versions are checked to avoid # FPs in the event that the initial fix # is present if ("10.8" >< os) { cutoff = "6.2.1"; fixed_version = "6.2.2"; } else if ("10.9" >< os) { cutoff = "7.1.1"; fixed_version = "7.1.2"; } else { cutoff= "8.0.1"; fixed_version = "8.0.2"; } if (ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);NASL family Misc. NASL id APPLETV_7_0_3.NASL description According to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution. (CVE-2014-3192, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479) - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455) - A security bypass issue exists due to improper validation of SVG files loaded in an IMG element. An attacker can load a CSS of cross-origin resulting in information disclosure. (CVE-2014-4465) - An issue exists due to the symbolic linking performed by the last seen 2020-06-01 modified 2020-06-02 plugin id 81145 published 2015-02-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81145 title Apple TV < 7.0.3 Multiple Vulnerabilities NASL family Peer-To-Peer File Sharing NASL id ITUNES_12_2_0_BANNER.NASL description The version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 86600 published 2015-10-26 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86600 title Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)
References
- http://support.apple.com/kb/HT6596
- http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
- http://support.apple.com/HT204246
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
- http://support.apple.com/HT204245
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
- https://support.apple.com/kb/HT204949
- http://www.securityfocus.com/bid/71445