Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability
BID:69903
Info
Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability
| Bugtraq ID: | 69903 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2014-4377 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2014 12:00AM |
| Updated: | Sep 22 2014 06:05PM |
| Credit: | Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program |
| Vulnerable: |
Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 beta Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple Apple TV 5.0 Apple Apple TV 4.4 Apple Apple TV 4.3 Apple Apple TV 4.2 Apple Apple TV 4.1 Apple Apple TV 4.0 Apple Apple TV 2.1 Apple Apple TV 1.0 |
| Not Vulnerable: | |
Discussion
Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability
Apple TV, Mac OS X, and iOS are prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.
Apple TV, Mac OS X, and iOS are prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.
Exploit / POC
Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability
References:
References:
- Apple iOS Homepage (Apple)
- Apple TV Homepage (Apple)
- Mac OS X Homepage (Apple)