Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability

Bugtraq ID:	69936
Class:	Race Condition Error
CVE:	CVE-2014-4386
Remote:	No
Local:	Yes
Published:	Sep 17 2014 12:00AM
Updated:	Sep 17 2014 12:00AM
Credit:	evad3rs
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 beta Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0
Not Vulnerable:

Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability

Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a local privilege-escalation vulnerability.

Successfully exploiting this issue can allow attackers to elevate privileges and and install unverified applications.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability

References:

• iOS Homepage (Apple)
  
• iPhone Product Page (Apple)
  
• iPod touch Product Page (Apple)