CVE-2014-4383
https://notcve.org/view.php?id=CVE-2014-4383
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. El subsistema de activos en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes man-in-the-middle suplantar el estado de actualización de un dispositivo mediante una cabecera Last-Modified de una respuesta HTTP. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69941 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96088 • CWE-20: Improper Input Validation •
CVE-2014-4410
https://notcve.org/view.php?id=CVE-2014-4410
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, como el utilizado en Apple iOS anteriores a 8 y Apple TV anteriores a 7, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado. Se trata de una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-09-17-1 y APPLE-SA-2014-09-17-2. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/61306 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69881 http://www.securityfocus.com/bid/69966 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4379
https://notcve.org/view.php?id=CVE-2014-4379
An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application. Una función no especificada de IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 carece de límites adecuados para prevenir la lectura de punteros del Kernel, lo que permite a atacantes saltarse el mecanismo de protección ASLR a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69921 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96080 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4357
https://notcve.org/view.php?id=CVE-2014-4357
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log. Accounts Framework en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes obtener información sensible mediante la lectura de datos de log que no tenían previsto estar presente en un registro. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69930 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96107 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4373
https://notcve.org/view.php?id=CVE-2014-4373
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. El controlador IntelAccelerator en el subsistema IOAcceleratorFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes causar una denegación de servicio (referencia a puntero nulo y cuelgue del dispositivo) a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69934 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96108 https://support.apple.com/kb/HT6535 •