CyberSec.Space Logo
Back to CVE Browser

CVE-2014-4404

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score94.7670%
EPSS Percentile95.08th
PublishedSep 18, 2014
Last ModifiedApr 21, 2026

Vulnerability Description

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.

Affected Platforms (CPE)

πŸ’»
Apple

Iphone Os

< 8.0
πŸ’»
Apple

Mac Os X

< 10.10.0
πŸ’»
Apple

Mac Os X

>= 10.10.1 and < 10.10.3
πŸ’»
Apple

Tvos

< 7.0

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
πŸ”— http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
πŸ”— http://support.apple.com/kb/HT6441
πŸ”— http://support.apple.com/kb/HT6442
πŸ”— http://www.securityfocus.com/bid/69882
πŸ”— http://www.securityfocus.com/bid/69947

Related Vulnerabilities

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2009-220410.0

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitr...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2010-111910.0

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on ...