APPLE-SA-2014-09-17-1

APPLE-SA-2014-09-17-2

http://support.apple.com/kb/HT6441

http://support.apple.com/kb/HT6442

69882

69929

1030866

appleios-cve20144369-dos(96106)

According to its banner, the remote Apple TV device is a version prior to 7. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in arbitrary code execution.

The following components contain vulnerabilities that have since been patched in version 7.0:

  - 802.1X
  - Accounts
  - Accessibility
  - Accounts Framework
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - CoreGraphics
  - Foundation
  - Home & Lock Screen
  - iMessage
  - IOAcceleratorFamily
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - syslog
  - WebKit

The mobile device is running a version of iOS prior to version 8. It is, therefore, affected by vulnerabilities in the following components :

  - 802.1X
  - Accessibility
  - Accounts
  - Accounts Framework
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - Certificate Trust Policy
  - CoreGraphics
  - Data Detectors
  - Foundation
  - Home and Lock Screen
  - iMessage
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Lockdown
  - Lockdown
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - Settings
  - syslog
  - Weather
  - WebKit
  - Wifi

According to its banner, the remote iOS device is missing a security update.  Versions of Apple iOS prior to 8.0 are affected by vulnerabilities within the following components :

  - 802.1X
  - Accessibility
  - Accounts Framework
  - Accounts
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - Certificate Trust Policy
  - CoreGraphics
  - Data Detectors
  - Foundation
  - Home & Lock Screen
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Lockdown
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - Settings
  - Weather
  - WebKit
  - WiFi
  - iMessage
  - syslog

ID	Name	Product	Family	Severity
77822	Apple TV < 7 Multiple Vulnerabilities	Nessus	Misc.	high
8392	Apple TV < 7 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	critical
77745	Apple iOS < 8 Multiple Vulnerabilities	Nessus	Mobile Devices	high
8393	Apple iOS < 8.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high

CVE-2014-4369

HIGH

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

critical

high

high