CVE-2014-4404

Apple OS X Heap-Based Buffer Overflow Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.

Desbordamiento de buffer basado en memoria dinámica en IOHIDFamily en Apple iOS anterior a 8 y Apple TV anterior a 7 permite a atacantes ejecutar código en un contexto privilegiado a través de una aplicación que provee propiedades manipuladas de asignación de teclas.

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has been patched silently in Yosemite.

Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-06-20 CVE Reserved
2014-09-17 CVE Published
2014-12-02 First Exploit
2022-02-10 Exploited in Wild
2022-08-10 KEV Due Date
2024-07-25 EPSS Updated
2024-08-06 CVE Updated

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (13)

URL	Tag	Source
http://www.securityfocus.com/bid/69882	Broken Link
http://www.securityfocus.com/bid/69947	Broken Link
http://www.securitytracker.com/id/1030866	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/96111	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/35440	2014-12-02

URL	Date	SRC

URL	Date	SRC
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html	2024-07-24
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html	2024-07-24
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	2024-07-24
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	2024-07-24
http://support.apple.com/kb/HT6441	2024-07-24
http://support.apple.com/kb/HT6442	2024-07-24
https://support.apple.com/HT204659	2024-07-24
https://support.apple.com/kb/HT6535	2024-07-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				< 8.0 Search vendor "Apple" for product "Iphone Os" and version " < 8.0"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.10.0 Search vendor "Apple" for product "Mac Os X" and version " < 10.10.0"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				>= 10.10.1 < 10.10.3 Search vendor "Apple" for product "Mac Os X" and version " >= 10.10.1 < 10.10.3"		-		Affected
Apple Search vendor "Apple"		Tvos Search vendor "Apple" for product "Tvos"				< 7.0 Search vendor "Apple" for product "Tvos" and version " < 7.0"		-		Affected