Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability
BID:69946
Info
Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability
| Bugtraq ID: | 69946 |
| Class: | Design Error |
| CVE: |
CVE-2014-4418 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2014 12:00AM |
| Updated: | Sep 17 2014 12:00AM |
| Credit: | Ian Beer of Google Project Zero |
| Vulnerable: |
Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple Apple TV 5.0 Apple Apple TV 4.4 Apple Apple TV 4.3 Apple Apple TV 4.2 Apple Apple TV 4.1 Apple Apple TV 4.0 |
| Not Vulnerable: | |
Discussion
Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability
Apple iOS and TV are prone to a remote code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue is fixed in:
Apple iOS 8
Apple TV 7
Apple iOS and TV are prone to a remote code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue is fixed in:
Apple iOS 8
Apple TV 7
Exploit / POC
Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability
References:
References:
- Apple iOS Homepage (Apple)
- Apple TV Homepage (Apple)
- iPad Homepage (Apple)
- iPhone Homepage (Apple)
- iPod touch Product Page (Apple)