Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability

Bugtraq ID:	69939
Class:	Boundary Condition Error
CVE:	CVE-2014-4408
Remote:	No
Local:	Yes
Published:	Sep 17 2014 12:00AM
Updated:	Oct 17 2014 08:59AM
Credit:	The vendor reported this issue.
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple Apple TV 5.0 Apple Apple TV 4.4 Apple Apple TV 4.3 Apple Apple TV 4.2 Apple Apple TV 4.1 Apple Apple TV 4.0 Apple Apple TV 2.1 Apple Apple TV 1.0
Not Vulnerable:

Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability

Apple iOS and TV are prone to a local memory-corruption vulnerability.

Attackers can exploit this issue to gain access to sensitive information or execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

This issue is fixed in:

Apple iOS 8
Apple TV 7

Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability

References:

• Apple iOS Homepage (Apple)
  
• Apple TV Homepage (Apple)
  
• iPad Homepage (Apple)
  
• iPhone Homepage (Apple)
  
• iPod touch Product Page (Apple)