Apple iOS CVE-2014-4423 Information Disclosure Vulnerability

Bugtraq ID:	69917
Class:	Design Error
CVE:	CVE-2014-4423
Remote:	Yes
Local:	No
Published:	Sep 17 2014 12:00AM
Updated:	Sep 17 2014 12:00AM
Credit:	Adam Weaver
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 7.0.6 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 for Developer Apple iOS 6 Beta 4 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 beta Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0
Not Vulnerable:	Apple iOS 8

Apple iOS CVE-2014-4423 Information Disclosure Vulnerability

Apple iOS is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

Apple iOS CVE-2014-4423 Information Disclosure Vulnerability

Attackers can use a malicious application to exploit this issue.

Apple iOS CVE-2014-4423 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple iOS CVE-2014-4423 Information Disclosure Vulnerability

References:

• Apple iOS Homepage (Apple)