CVE-2014-4461

Apple iOS <8.1.1 & Apple TV <7.0.2 - RCE

Title source: llm
STIX 2.1

Description

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

References (11)

Core 11
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98774
Vendor Advisory x_refsource_confirm
https://support.apple.com/en-us/HT6590
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/71136
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031231
Vendor Advisory x_refsource_confirm
http://support.apple.com/HT204244
Vendor Advisory x_refsource_confirm
https://support.apple.com/en-us/HT204420
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/en-us/HT204418
Vendor Advisory x_refsource_confirm
https://support.apple.com/en-us/HT6592

Scores

EPSS 0.0340
EPSS Percentile 87.4%

Details

CWE
CWE-20
Status published
Products (18)
apple/iphone_os 8.0
apple/iphone_os 8.0.1
apple/iphone_os 8.0.2
apple/iphone_os < 8.1
apple/mac_os_x 10.8.5
apple/mac_os_x 10.9.5
apple/mac_os_x 10.10.0
apple/mac_os_x < 10.10.1
apple/tvos 6.0
apple/tvos 6.0.1
... and 8 more
Published Nov 18, 2014
Tracked Since Feb 18, 2026