Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability

Bugtraq ID:	69950
Class:	Unknown
CVE:	CVE-2014-4389
Remote:	Yes
Local:	No
Published:	Sep 17 2014 12:00AM
Updated:	Sep 17 2014 12:00AM
Credit:	Ian Beer of Google Project Zero
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple Apple TV 5.0 Apple Apple TV 4.4 Apple Apple TV 4.3 Apple Apple TV 4.2 Apple Apple TV 4.1 Apple Apple TV 4.0
Not Vulnerable:

Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability

Apple TV, Mac OS X, and iOS are prone to an integer buffer-overflow vulnerability.

An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

This issue is fixed in:

Apple Mac Os X 10.9.5
Apple iOS 8
Apple TV 7

Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability

References:

• Apple iOS Homepage (Apple)
  
• Apple TV Homepage (Apple)
  
• iPad Homepage (Apple)
  
• iPhone Homepage (Apple)
  
• iPod touch Product Page (Apple)
  
• Mac OS X Homepage (Apple)