cvelistv5 - CVE-2014-4494

CVE-2014-4494 (GCVE-0-2014-4494)

Vulnerability from cvelistv5 – Published: 2015-01-30 11:00 – Updated: 2024-08-06 11:20

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://support.apple.com/HT204245	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id/1031652	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:20:26.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/HT204245"
          },
          {
            "name": "APPLE-SA-2015-01-27-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
          },
          {
            "name": "1031652",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-02-16T15:57:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/HT204245"
        },
        {
          "name": "APPLE-SA-2015-01-27-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
        },
        {
          "name": "1031652",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-4494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/HT204245",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/HT204245"
            },
            {
              "name": "APPLE-SA-2015-01-27-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
            },
            {
              "name": "1031652",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2014-4494",
    "datePublished": "2015-01-30T11:00:00",
    "dateReserved": "2014-06-20T00:00:00",
    "dateUpdated": "2024-08-06T11:20:26.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1.2\", \"matchCriteriaId\": \"31944D25-25B6-4EA4-92B0-6B03921E0CCE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.\"}, {\"lang\": \"es\", \"value\": \"Springboard en Apple iOS anterior a 8.1.3 no valida correctamente firmas cuando determine si solicitar una decisi\\u00f3n de confianza de la aplicaci\\u00f3n del usuario, lo que permite a atacantes evadir las restricciones del primer lanzamiento mediante el aprovechamiento del acceso a un certificado de la distribuci\\u00f3n del negocio para firmar una aplicaci\\u00f3n manipulada.\"}]",
      "id": "CVE-2014-4494",
      "lastModified": "2024-11-21T02:10:18.190",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-01-30T11:59:23.453",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/HT204245\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031652\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://support.apple.com/HT204245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031652\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4494\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-01-30T11:59:23.453\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.\"},{\"lang\":\"es\",\"value\":\"Springboard en Apple iOS anterior a 8.1.3 no valida correctamente firmas cuando determine si solicitar una decisi\u00f3n de confianza de la aplicaci\u00f3n del usuario, lo que permite a atacantes evadir las restricciones del primer lanzamiento mediante el aprovechamiento del acceso a un certificado de la distribuci\u00f3n del negocio para firmar una aplicaci\u00f3n manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.2\",\"matchCriteriaId\":\"31944D25-25B6-4EA4-92B0-6B03921E0CCE\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/HT204245\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031652\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/HT204245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2014-4494

Vulnerability from fkie_nvd - Published: 2015-01-30 11:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html	Vendor Advisory
product-security@apple.com	http://support.apple.com/HT204245	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1031652
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/HT204245	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031652

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31944D25-25B6-4EA4-92B0-6B03921E0CCE",
              "versionEndIncluding": "8.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app."
    },
    {
      "lang": "es",
      "value": "Springboard en Apple iOS anterior a 8.1.3 no valida correctamente firmas cuando determine si solicitar una decisi\u00f3n de confianza de la aplicaci\u00f3n del usuario, lo que permite a atacantes evadir las restricciones del primer lanzamiento mediante el aprovechamiento del acceso a un certificado de la distribuci\u00f3n del negocio para firmar una aplicaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2014-4494",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-30T11:59:23.453",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/HT204245"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1031652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/HT204245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031652"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2015-AVI-042

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à iOS 8.1.3

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 27 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 iOS 8.1.3\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4486"
    },
    {
      "name": "CVE-2014-4488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4488"
    },
    {
      "name": "CVE-2014-4485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4485"
    },
    {
      "name": "CVE-2014-4469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4469"
    },
    {
      "name": "CVE-2014-4481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4481"
    },
    {
      "name": "CVE-2014-4492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4492"
    },
    {
      "name": "CVE-2014-4495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4495"
    },
    {
      "name": "CVE-2014-4479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4479"
    },
    {
      "name": "CVE-2014-4480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4480"
    },
    {
      "name": "CVE-2014-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4455"
    },
    {
      "name": "CVE-2014-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4459"
    },
    {
      "name": "CVE-2014-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4470"
    },
    {
      "name": "CVE-2014-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3192"
    },
    {
      "name": "CVE-2014-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8840"
    },
    {
      "name": "CVE-2014-4471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4471"
    },
    {
      "name": "CVE-2014-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4483"
    },
    {
      "name": "CVE-2014-4475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4475"
    },
    {
      "name": "CVE-2014-4489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4489"
    },
    {
      "name": "CVE-2014-4473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4473"
    },
    {
      "name": "CVE-2014-4468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4468"
    },
    {
      "name": "CVE-2014-4474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4474"
    },
    {
      "name": "CVE-2014-4466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4466"
    },
    {
      "name": "CVE-2014-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4472"
    },
    {
      "name": "CVE-2014-4487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4487"
    },
    {
      "name": "CVE-2014-4491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4491"
    },
    {
      "name": "CVE-2014-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4476"
    },
    {
      "name": "CVE-2014-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4465"
    },
    {
      "name": "CVE-2014-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4494"
    },
    {
      "name": "CVE-2014-4484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4484"
    },
    {
      "name": "CVE-2014-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
    },
    {
      "name": "CVE-2014-4467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4467"
    },
    {
      "name": "CVE-2014-4477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4477"
    },
    {
      "name": "CVE-2014-4493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4493"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-042",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 27 janvier 2015",
      "url": "http://support.apple.com/en-us/HT204245"
    }
  ]
}

CERTFR-2015-AVI-042

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à iOS 8.1.3

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 27 janvier 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 iOS 8.1.3\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-4486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4486"
    },
    {
      "name": "CVE-2014-4488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4488"
    },
    {
      "name": "CVE-2014-4485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4485"
    },
    {
      "name": "CVE-2014-4469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4469"
    },
    {
      "name": "CVE-2014-4481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4481"
    },
    {
      "name": "CVE-2014-4492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4492"
    },
    {
      "name": "CVE-2014-4495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4495"
    },
    {
      "name": "CVE-2014-4479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4479"
    },
    {
      "name": "CVE-2014-4480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4480"
    },
    {
      "name": "CVE-2014-4455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4455"
    },
    {
      "name": "CVE-2014-4459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4459"
    },
    {
      "name": "CVE-2014-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4470"
    },
    {
      "name": "CVE-2014-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3192"
    },
    {
      "name": "CVE-2014-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8840"
    },
    {
      "name": "CVE-2014-4471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4471"
    },
    {
      "name": "CVE-2014-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4483"
    },
    {
      "name": "CVE-2014-4475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4475"
    },
    {
      "name": "CVE-2014-4489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4489"
    },
    {
      "name": "CVE-2014-4473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4473"
    },
    {
      "name": "CVE-2014-4468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4468"
    },
    {
      "name": "CVE-2014-4474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4474"
    },
    {
      "name": "CVE-2014-4466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4466"
    },
    {
      "name": "CVE-2014-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4472"
    },
    {
      "name": "CVE-2014-4487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4487"
    },
    {
      "name": "CVE-2014-4491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4491"
    },
    {
      "name": "CVE-2014-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4476"
    },
    {
      "name": "CVE-2014-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4465"
    },
    {
      "name": "CVE-2014-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4494"
    },
    {
      "name": "CVE-2014-4484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4484"
    },
    {
      "name": "CVE-2014-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
    },
    {
      "name": "CVE-2014-4467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4467"
    },
    {
      "name": "CVE-2014-4477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4477"
    },
    {
      "name": "CVE-2014-4493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4493"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-042",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 27 janvier 2015",
      "url": "http://support.apple.com/en-us/HT204245"
    }
  ]
}

CNVD-2015-00848

Vulnerability from cnvd - Published: 2015-02-04

Title

Apple TV和iOS企业签名应用安全绕过漏洞

Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple TV是苹果可以让PC和iPod中的相片,视频和音乐无线传输到电视之中高清晰度播出。 Apple TV和iOS企业签名应用存在安全漏洞，由于Apple TV和iOS在第一次打开企业级应用时未能正确处理可信提示，允许攻击者可绕过某些安全限制，执行未授权操作。

Severity

中

Patch Name

Apple TV和iOS企业签名应用安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://support.apple.com/

Reference

http://www.securityfocus.com/bid/72333 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4494 http://support.apple.com/HT204245

Impacted products

Name
Apple IOS < 8.1.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72333"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-4494"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 Apple TV\u662f\u82f9\u679c\u53ef\u4ee5\u8ba9PC\u548ciPod\u4e2d\u7684\u76f8\u7247,\u89c6\u9891\u548c\u97f3\u4e50\u65e0\u7ebf\u4f20\u8f93\u5230\u7535\u89c6\u4e4b\u4e2d\u9ad8\u6e05\u6670\u5ea6\u64ad\u51fa\u3002 \r\n\r\nApple TV\u548ciOS\u4f01\u4e1a\u7b7e\u540d\u5e94\u7528\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8eApple TV\u548ciOS\u5728\u7b2c\u4e00\u6b21\u6253\u5f00\u4f01\u4e1a\u7ea7\u5e94\u7528\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406\u53ef\u4fe1\u63d0\u793a\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "lokihardt@ASRT working with HP\u0027s Zero Day Initiative , Jordan Milne, Song Jin, Hui Xue, and Tao Wei of FireEye, Inc",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://support.apple.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00848",
  "openTime": "2015-02-04",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 Apple TV\u662f\u82f9\u679c\u53ef\u4ee5\u8ba9PC\u548ciPod\u4e2d\u7684\u76f8\u7247,\u89c6\u9891\u548c\u97f3\u4e50\u65e0\u7ebf\u4f20\u8f93\u5230\u7535\u89c6\u4e4b\u4e2d\u9ad8\u6e05\u6670\u5ea6\u64ad\u51fa\u3002 \r\n\r\nApple TV\u548ciOS\u4f01\u4e1a\u7b7e\u540d\u5e94\u7528\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8eApple TV\u548ciOS\u5728\u7b2c\u4e00\u6b21\u6253\u5f00\u4f01\u4e1a\u7ea7\u5e94\u7528\u65f6\u672a\u80fd\u6b63\u786e\u5904\u7406\u53ef\u4fe1\u63d0\u793a\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple TV\u548ciOS\u4f01\u4e1a\u7b7e\u540d\u5e94\u7528\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple IOS \u003c 8.1.3"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72333\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4494\r\nhttp://support.apple.com/HT204245",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-29",
  "title": "Apple TV\u548ciOS\u4f01\u4e1a\u7b7e\u540d\u5e94\u7528\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2014-4494

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-4494

Aliases

CVE-2014-4494

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4494",
    "description": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.",
    "id": "GSD-2014-4494"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4494"
      ],
      "details": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.",
      "id": "GSD-2014-4494",
      "modified": "2023-12-13T01:22:45.334460Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-4494",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/HT204245",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/HT204245"
          },
          {
            "name": "APPLE-SA-2015-01-27-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
          },
          {
            "name": "1031652",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031652"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-4494"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-01-27-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
            },
            {
              "name": "http://support.apple.com/HT204245",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/HT204245"
            },
            {
              "name": "1031652",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031652"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-11-17T16:25Z",
      "publishedDate": "2015-01-30T11:59Z"
    }
  }
}

VAR-201501-0637

Vulnerability from variot - Updated: 2023-12-18 10:53

Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. Apple iOS is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect iTunes Store, MobileInstallation, Springboard, and WebKit components. Attackers can exploit these issues to gain unauthorized access, perform unauthorized actions, bypass security restrictions, and perform other attacks. These issues affect iOS versions prior to 8.1.3. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Springboard is a desktop for Apple iDevice. The vulnerability stems from the fact that the program does not properly verify digital signatures

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0637",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.1.3   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.1.3   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.1.3   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "72333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lokihardt@ASRT working with HP\u0027s Zero Day Initiative , Jordan Milne, Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "72333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-4494",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-4494",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-72434",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-4494",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-714",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-72434",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. Apple iOS is prone to multiple security vulnerabilities. \nThe update addresses new vulnerabilities that affect iTunes Store, MobileInstallation, Springboard, and WebKit components. \nAttackers can exploit these issues to gain unauthorized access, perform unauthorized actions, bypass security restrictions, and perform other  attacks. \nThese issues affect iOS versions prior to 8.1.3. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Springboard is a desktop for Apple iDevice. The vulnerability stems from the fact that the program does not properly verify digital signatures",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "BID",
        "id": "72333"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72434"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-4494",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1031652",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "72333",
        "trust": 0.9
      },
      {
        "db": "JVN",
        "id": "JVNVU96447236",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-72434",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72434"
      },
      {
        "db": "BID",
        "id": "72333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "id": "VAR-201501-0637",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72434"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:53:27.897000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-01-27-2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00001.html"
      },
      {
        "title": "HT204245",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204245"
      },
      {
        "title": "HT204245",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204245"
      },
      {
        "title": "osxupd10.10.2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53587"
      },
      {
        "title": "iPhone7,1_8.1.3_12B466_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53586"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/ht204245"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031652"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4494"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu96447236/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4494"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/72333"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72434"
      },
      {
        "db": "BID",
        "id": "72333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-72434"
      },
      {
        "db": "BID",
        "id": "72333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72434"
      },
      {
        "date": "2015-01-27T00:00:00",
        "db": "BID",
        "id": "72333"
      },
      {
        "date": "2015-02-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "date": "2015-01-30T11:59:23.453000",
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "date": "2015-01-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72434"
      },
      {
        "date": "2015-02-04T00:01:00",
        "db": "BID",
        "id": "72333"
      },
      {
        "date": "2015-02-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      },
      {
        "date": "2015-11-17T16:25:07.453000",
        "db": "NVD",
        "id": "CVE-2014-4494"
      },
      {
        "date": "2015-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS of  Springboard Vulnerabilities that can bypass restrictions on initial startup",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001290"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-714"
      }
    ],
    "trust": 0.6
  }
}

GHSA-PH2M-X7WF-Q6GR

Vulnerability from github – Published: 2022-05-17 04:01 – Updated: 2022-05-17 04:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-30T11:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.",
  "id": "GHSA-ph2m-x7wf-q6gr",
  "modified": "2022-05-17T04:01:58Z",
  "published": "2022-05-17T04:01:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4494"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/HT204245"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031652"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-4494 (GCVE-0-2014-4494)

FKIE_CVE-2014-4494

CERTFR-2015-AVI-042

Solution

CERTFR-2015-AVI-042

Solution

CNVD-2015-00848

GSD-2014-4494

VAR-201501-0637

GHSA-PH2M-X7WF-Q6GR

Tags

Sightings

Nomenclature