Vulnerabilities > CVE-2014-4474 - Resource Management Errors vulnerability in Apple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
apple
CWE-399
nessus

Summary

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

Vulnerable Configurations

Part Description Count
Application
Apple
315
OS
Apple
164

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idITUNES_12_2_0.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id84504
    published2015-07-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84504
    titleApple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84504);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2014-3192",
        "CVE-2014-4452",
        "CVE-2014-4459",
        "CVE-2014-4466",
        "CVE-2014-4468",
        "CVE-2014-4469",
        "CVE-2014-4470",
        "CVE-2014-4471",
        "CVE-2014-4472",
        "CVE-2014-4473",
        "CVE-2014-4474",
        "CVE-2014-4475",
        "CVE-2014-4476",
        "CVE-2014-4477",
        "CVE-2014-4479",
        "CVE-2015-1068",
        "CVE-2015-1069",
        "CVE-2015-1070",
        "CVE-2015-1071",
        "CVE-2015-1072",
        "CVE-2015-1073",
        "CVE-2015-1074",
        "CVE-2015-1075",
        "CVE-2015-1076",
        "CVE-2015-1077",
        "CVE-2015-1078",
        "CVE-2015-1079",
        "CVE-2015-1080",
        "CVE-2015-1081",
        "CVE-2015-1082",
        "CVE-2015-1083",
        "CVE-2015-1119",
        "CVE-2015-1120",
        "CVE-2015-1121",
        "CVE-2015-1122",
        "CVE-2015-1124",
        "CVE-2015-1152",
        "CVE-2015-1153",
        "CVE-2015-1154"
      );
      script_bugtraq_id(
        70273,
        71137,
        71144,
        71438,
        71442,
        71444,
        71445,
        71449,
        71451,
        71459,
        71461,
        71462,
        72329,
        72330,
        72331,
        73972,
        74523,
        74525,
        74526
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6");
    
      script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks the version of iTunes on Windows.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes installed on the remote Windows host is
    prior to 12.2. It is, therefore, affected by multiple vulnerabilities
    in the bundled version of WebKit, including denial of service and
    arbitrary code execution vulnerabilities.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949");
      # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes 12.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    # Ensure this is Windows
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    app_id = 'iTunes Version';
    install = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);
    
    version = install["version"];
    path = install["path"];
    
    fixed_version = "12.2.0.145";
    if (ver_compare(ver:version, fix:fixed_version) < 0)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI8_0_2.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit : - An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465) - A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748) - Multiple memory corruption issues exist that can lead to an unexpected application crash or potential arbitrary code execution by means of malicious website content. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475) Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release.
    last seen2020-06-01
    modified2020-06-02
    plugin id80055
    published2014-12-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80055
    titleMac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80055);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2014-1748",
        "CVE-2014-4465",
        "CVE-2014-4466",
        "CVE-2014-4468",
        "CVE-2014-4469",
        "CVE-2014-4470",
        "CVE-2014-4471",
        "CVE-2014-4472",
        "CVE-2014-4473",
        "CVE-2014-4474",
        "CVE-2014-4475"
      );
      script_bugtraq_id(
        71438,
        71439,
        71442,
        71444,
        71445,
        71449,
        71451,
        71459,
        71461,
        71462,
        71464
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-12-3-1");
    
      script_name(english:"Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities");
      script_summary(english:"Checks the Safari version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple Safari installed on the remote Mac OS X host is a
    version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by
    the following vulnerabilities in WebKit :
    
      - An SVG loaded in an IMG element could load a CSS file
        cross-origin. This can allow data exfiltration.
        (CVE-2014-4465)
    
      - A UI spoofing flaw exists in the handling of scrollbar
        boundaries. Visiting websites that frame malicious
        content can allow the UI to be spoofed. (CVE-2014-1748)
    
      - Multiple memory corruption issues exist that can lead to
        an unexpected application crash or potential arbitrary
        code execution by means of malicious website content.
        (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466,
        CVE-2014-4468, CVE-2014-4469, CVE-2014-4470,
        CVE-2014-4471, CVE-2014-4472, CVE-2014-4473,
        CVE-2014-4474, CVE-2014-4475)
    
    Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the
    security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more
    recent updates, however, were released to fix potential issues with
    the installation of the previous patch release.");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT1222");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/534148");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT6597");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple Safari 6.2.2 / 7.1.2 / 8.0.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    if (!ereg(pattern:"Mac OS X 10\.([89]|10)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.8 / 10.9 / 10.10");
    
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);
    
    # Even though the fixes that the recent
    # patches replace are no longer availabe,
    # the older versions are checked to avoid
    # FPs in the event that the initial fix
    # is present
    if ("10.8" >< os)
    {
      cutoff = "6.2.1";
      fixed_version = "6.2.2";
    }
    else if ("10.9" >< os)
    {
      cutoff = "7.1.1";
      fixed_version = "7.1.2";
    }
    else
    {
      cutoff= "8.0.1";
      fixed_version = "8.0.2";
    }
    
    if (ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
    
  • NASL familyMisc.
    NASL idAPPLETV_7_0_3.NASL
    descriptionAccording to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution. (CVE-2014-3192, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479) - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455) - A security bypass issue exists due to improper validation of SVG files loaded in an IMG element. An attacker can load a CSS of cross-origin resulting in information disclosure. (CVE-2014-4465) - An issue exists due to the symbolic linking performed by the
    last seen2020-06-01
    modified2020-06-02
    plugin id81145
    published2015-02-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81145
    titleApple TV < 7.0.3 Multiple Vulnerabilities
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_12_2_0_BANNER.NASL
    descriptionThe version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id86600
    published2015-10-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86600
    titleApple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)