CVE-2014-4378

Apple iOS <8, Apple TV <7 - Info Disclosure/DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4378. PoCs published by feliam.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2014-4378, an information disclosure vulnerability in Apple CoreGraphics. The exploit crafts a malicious PDF file to leak memory layout information, aiding in bypassing exploit mitigations like ASLR and DEP.

Description

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

Exploits (1)

nomisec WORKING POC 18 stars

by feliam · poc

https://github.com/feliam/CVE-2014-4378

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2014-4378, an information disclosure vulnerability in Apple CoreGraphics. The exploit crafts a malicious PDF file to leak memory layout information, aiding in bypassing exploit mitigations like ASLR and DEP.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Apple CoreGraphics (iOS 7.1.x)

No auth needed

Prerequisites: Target device running iOS 7.1.x · Ability to deliver a crafted PDF file to the target

MITRE ATT&CK