CVE-2014-4455

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

References

http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html

http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html

http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

http://support.apple.com/HT204245

http://support.apple.com/HT204246

http://www.securityfocus.com/bid/71140

http://www.securitytracker.com/id/1031231

https://exchange.xforce.ibmcloud.com/vulnerabilities/98773

https://support.apple.com/en-us/HT204418

https://support.apple.com/en-us/HT204420

https://support.apple.com/en-us/HT6590

https://support.apple.com/en-us/HT6592

Details

Source: MITRE

Published: 2014-11-18

Updated: 2019-03-08

Type: CWE-264

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
8939Apple TV < 7.0.2 Multiple VulnerabilitiesNessus Network MonitorInternet Services
high
8940Apple iOS 8.x < 8.1.1 Multiple Vulnerabilities.Nessus Network MonitorMobile Devices
high
81145Apple TV < 7.0.3 Multiple VulnerabilitiesNessusMisc.
critical
81050Apple iOS < 8.1.3 Multiple VulnerabilitiesNessusMobile Devices
critical
79360Apple TV < 7.0.2 Multiple VulnerabilitiesNessusMisc.
high
79312Apple iOS < 8.1.1 Multiple VulnerabilitiesNessusMobile Devices
high