Vulnerabilities > CVE-2014-4486 - Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
apple
critical
nessus

Summary

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>

Vulnerable Configurations

Part Description Count
OS
Apple
252

Nessus

  • NASL familyMisc.
    NASL idAPPLETV_7_0_3.NASL
    descriptionAccording to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution. (CVE-2014-3192, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479) - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455) - A security bypass issue exists due to improper validation of SVG files loaded in an IMG element. An attacker can load a CSS of cross-origin resulting in information disclosure. (CVE-2014-4465) - An issue exists due to the symbolic linking performed by the
    last seen2020-06-01
    modified2020-06-02
    plugin id81145
    published2015-02-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81145
    titleApple TV < 7.0.3 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2015-001 applied. This update contains several security-related fixes for the following components : - AFP Server - Bluetooth - CoreGraphics - CoreSymbolication - FontParser - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - Kernel - LaunchServices - libnetcore - LoginWindow - lukemftp - OpenSSL - Sandbox - SceneKit - Security - security_taskgate - Spotlight - sysmond Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id81088
    published2015-01-29
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81088
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components : - bash - Bluetooth - CFNetwork Cache - CommerceKit Framework - CoreGraphics - CoreSymbolication - CPU Software - FontParser - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - IOUSBFamily - Kernel - LaunchServices - libnetcore - LoginWindow - lukemftp - OpenSSL - Safari - SceneKit - Security - security_taskgate - Spotlight - SpotlightIndex - sysmond - UserAccountUpdater Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id81087
    published2015-01-29
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81087
    titleMac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)