CVE-2014-1366

Apple tvOS < 6.1.1 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Description

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.

References (6)

Core 6
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT6537
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59481
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030495
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html

Scores

EPSS 0.0253
EPSS Percentile 83.1%

Details

CWE
CWE-119
Status published
Products (30)
apple/iphone_os 7.0
apple/iphone_os 7.0.1
apple/iphone_os 7.0.2
apple/iphone_os 7.0.3
apple/iphone_os 7.0.4
apple/iphone_os 7.0.5
apple/iphone_os 7.0.6
apple/iphone_os 7.1
apple/iphone_os < 7.1.1
apple/safari 7.0
... and 20 more
Published Jul 01, 2014
Tracked Since Feb 18, 2026