CVE-2014-4405
https://notcve.org/view.php?id=CVE-2014-4405
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (referencia a puntero nulo) a través de una aplicación que provee propiedades de asignación de teclas manipuladas. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69938 http://www.securitytracker.com/id/1030866 https://exchange.xforce •
CVE-2014-4388
https://notcve.org/view.php?id=CVE-2014-4388
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. IOKit en Apple iOS anterior a 8 y Apple TV anterior a 7 no valida debidamente los metadatos de objetos IODataQueue, lo que permite a atacantes ejecutar código arbitrario en contexto privilegiado a traves de una aplicación que provee valores modificados en campos de metadatos no especificados, una vulnerabilidad diferente a CVE-2014-4418. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69948 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96093 htt • CWE-20: Improper Input Validation •
CVE-2014-4408
https://notcve.org/view.php?id=CVE-2014-4408
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. La función rt_setgate en el kernel en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a usuarios locales ganar privilegios o causar una denegación de servicio (lectura fuera de rango y caída de dispositivo) a través de una llamada manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69939 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96086 https://support.apple.com/kb/HT6535 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4410
https://notcve.org/view.php?id=CVE-2014-4410
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. WebKit, como el utilizado en Apple iOS anteriores a 8 y Apple TV anteriores a 7, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado. Se trata de una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2014-09-17-1 y APPLE-SA-2014-09-17-2. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://secunia.com/advisories/61306 http://secunia.com/advisories/61318 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://www.securityfocus.com/bid/69881 http://www.securityfocus.com/bid/69966 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-4389
https://notcve.org/view.php?id=CVE-2014-4389
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. Desbordamiento de enteros en IOKit en Apple iOS anterior a 8 y Apple TV anterior 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee argumentos API manipulados. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://support.apple.com/HT204244 http://support.apple.com/kb/HT6441 http://support.apple.com/kb/HT6442 http://support.apple.com/kb/HT6443 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69950 http://www.securitytracker.com/id/1030866 https://ex • CWE-189: Numeric Errors •