NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://support.apple.com/kb/HT6441
http://support.apple.com/kb/HT6443
http://www.securityfocus.com/bid/69882
http://www.securityfocus.com/bid/69905
Source: MITRE
Published: 2014-09-18
Updated: 2017-08-29
Type: NVD-CWE-Other
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
OR
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.9.4 (inclusive)
OR
cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 7.1.2 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
77745 | Apple iOS < 8 Multiple Vulnerabilities | Nessus | Mobile Devices | high |
8393 | Apple iOS < 8.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high |