Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability

Bugtraq ID:	69905
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2014-4374
Remote:	Yes
Local:	No
Published:	Sep 17 2014 12:00AM
Updated:	Sep 17 2014 12:00AM
Credit:	George Gal of VSR
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0
Not Vulnerable:

Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability

Apple Mac OS X and iOS are prone to an information-disclosure vulnerability.

Attackers can exploit this issue to gain unauthorized access, and obtain potentially sensitive information. This may lead to further attacks.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability

References:

• Apple iOS Homepage (Apple)
  
• Mac OS X Homepage (Apple)