Vulnerabilities > CVE-2014-4492 - Data Processing Errors vulnerability in Apple mac OS X
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- XML Nested Payloads Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
- XML Oversized Payloads Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
- XML Client-Side Attack Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
- XML Parser Attack Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Exploit-Db
description | OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape. CVE-2014-4492. Local exploit for osx platform |
file | exploits/osx/local/35847.c |
id | EDB-ID:35847 |
last seen | 2016-02-04 |
modified | 2015-01-20 |
platform | osx |
port | |
published | 2015-01-20 |
reporter | Google Security Research |
source | https://www.exploit-db.com/download/35847/ |
title | OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape |
type | local |
Nessus
NASL family Misc. NASL id APPLETV_7_0_3.NASL description According to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution. (CVE-2014-3192, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479) - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455) - A security bypass issue exists due to improper validation of SVG files loaded in an IMG element. An attacker can load a CSS of cross-origin resulting in information disclosure. (CVE-2014-4465) - An issue exists due to the symbolic linking performed by the last seen 2020-06-01 modified 2020-06-02 plugin id 81145 published 2015-02-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81145 title Apple TV < 7.0.3 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-001.NASL description The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2015-001 applied. This update contains several security-related fixes for the following components : - AFP Server - Bluetooth - CoreGraphics - CoreSymbolication - FontParser - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - Kernel - LaunchServices - libnetcore - LoginWindow - lukemftp - OpenSSL - Sandbox - SceneKit - Security - security_taskgate - Spotlight - sysmond Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 81088 published 2015-01-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81088 title Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE) NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_2.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components : - bash - Bluetooth - CFNetwork Cache - CommerceKit Framework - CoreGraphics - CoreSymbolication - CPU Software - FontParser - Foundation - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit - IOUSBFamily - Kernel - LaunchServices - libnetcore - LoginWindow - lukemftp - OpenSSL - Safari - SceneKit - Security - security_taskgate - Spotlight - SpotlightIndex - sysmond - UserAccountUpdater Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 81087 published 2015-01-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81087 title Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)
References
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
- https://code.google.com/p/google-security-research/issues/detail?id=92
- http://support.apple.com/HT204246
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
- http://support.apple.com/HT204245
- http://support.apple.com/HT204244
- http://www.exploit-db.com/exploits/35847
- http://www.osvdb.org/114862
- http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html