CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 3CVE-2014-4492 – Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape
https://notcve.org/view.php?id=CVE-2014-4492
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. libnetcore en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no verifica que ciertos valores tienen los tipos de datos esperados, lo que permite a atacantes ejecutar código arbitrario en un contexto _networkd a través de un mensaje XPC manipulado de una aplicación con sandbox, tal y como fue demostrado mediante la falta de verificación de un tipo de datos del diccionario de XPC. networkd is the system daemon which implements the com.apple.networkd XPC service. It's unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network). networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value. • https://www.exploit-db.com/exploits/35847 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.exploit-db.com&# • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 0CVE-2014-4485
https://notcve.org/view.php?id=CVE-2014-4485
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. Desbordamiento de buffer en el analizador sintáctico de XML en Foundation en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2014-4488
https://notcve.org/view.php?id=CVE-2014-4488
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no valida correctamente los metadatos de la cola de recursos, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-19: Data Processing Errors •
CVSS: 6.8EPSS: 3%CPEs: 3EXPL: 1CVE-2014-4481
https://notcve.org/view.php?id=CVE-2014-4481
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Desbordamiento de enteros en CoreGraphics en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 pemite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un documento PDF manipulado. • https://github.com/feliam/CVE-2014-4481 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2014-4487
https://notcve.org/view.php?id=CVE-2014-4487
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. Desbordamiento de buffer en IOHIDFamily en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securitytracker.com/id/1031650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •