Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability

Bugtraq ID:	69934
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2014-4373
Remote:	Yes
Local:	No
Published:	Sep 17 2014 12:00AM
Updated:	Oct 17 2014 08:59AM
Credit:	cunzhang from Adlab of Venustech.
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple Apple TV 5.0 Apple Apple TV 4.4 Apple Apple TV 4.3 Apple Apple TV 4.2 Apple Apple TV 4.1 Apple Apple TV 4.0
Not Vulnerable:

Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability

Apple TV and iOS are prone to a denial-of-service vulnerability.

Attackers can exploit this issue to restart the affected device, denying service to legitimate users.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

This issue is fixed in:

Apple iOS 8
Apple TV 7

Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability

An attacker can use readily available tools to exploit this issue.

Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability

References:

• Apple iOS Homepage (Apple)
  
• Apple TV Homepage (Apple)