CVE-2014-4404

HIGH KEV

Mac OS X IOKit Keyboard Driver Root Privilege Escalation

Title source: metasploit

Description

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalosx
https://www.exploit-db.com/exploits/35440
metasploit WORKING POC MANUAL
by Ian Beer, joev · rubypocosx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/iokit_keyboard_root.rb

References (13)

Scores

CVSS v3 7.8
EPSS 0.6200
EPSS Percentile 98.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-02-10
VulnCheck KEV 2022-02-10
InTheWild.io 2022-02-10
ENISA EUVD EUVD-2014-4331
CWE
CWE-787
Status published
Products (3)
apple/iphone_os < 8.0
apple/mac_os_x < 10.10.0
apple/tvos < 7.0
Published Sep 18, 2014
KEV Added Feb 10, 2022
Tracked Since Feb 18, 2026