Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability
BID:69923
Info
Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability
| Bugtraq ID: | 69923 |
| Class: | Design Error |
| CVE: |
CVE-2014-4372 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 17 2014 12:00AM |
| Updated: | Sep 17 2014 12:00AM |
| Credit: | Tielei Wang and YeongJin Jang of Georgia Tech Information Security Center (GTISC). |
| Vulnerable: |
Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 7.0.6 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 Beta 4 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple Apple TV 6.0.2 Apple Apple TV 5.2.1 Apple Apple TV 5.1.1 Apple Apple TV 4.4.2 Apple Apple TV 4.4 Apple Apple TV 6.1.2 Apple Apple TV 6.1.1 Apple Apple TV 6.1 Apple Apple TV 6.0.1 Apple Apple TV 6.0 Apple Apple TV 5.2 Apple Apple TV 5.1.0 Apple Apple TV 5.1 Apple Apple TV 5.0.2 Apple Apple TV 5.0.1 Apple Apple TV 5.0.0 Apple Apple TV 5.0 Apple Apple TV 4.4.4 Apple Apple TV 4.4.3 Apple Apple TV 4.4 Apple Apple TV 4.3.0 Apple Apple TV 4.3 Apple Apple TV 4.2.2 Apple Apple TV 4.2.1 Apple Apple TV 4.2.0 Apple Apple TV 4.2 Apple Apple TV 4.1.1 Apple Apple TV 4.1.0 Apple Apple TV 4.1 Apple Apple TV 4.0 Apple Apple TV 3.0.2 Apple Apple TV 3.0.1 Apple Apple TV 3.0.0 Apple Apple TV 2.4.0 Apple Apple TV 2.3.1 Apple Apple TV 2.3.0 Apple Apple TV 2.2.0 Apple Apple TV 2.1 Apple Apple TV 1.0 |
| Not Vulnerable: |
Apple iOS 8 Apple Apple TV 7 |
Discussion
Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability
Apple iOS and TV are prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.
Apple iOS and TV are prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.
Exploit / POC
Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability
An attacker requires local interactive access to exploit the issue.
An attacker requires local interactive access to exploit the issue.
Solution / Fix
Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability
References:
References:
- Apple iOS Homepage (Apple)
- Apple TV Homepage (Apple)
- About the security content of Apple TV 7 (Apple)
- About the security content of iOS 8 (Apple)