CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-4480

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile27.71th
Published2015年1月30日
Last Modified2026年5月6日

Vulnerability Description

Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Affected Platforms (CPE)

💻
Apple

Iphone Os

<= 8.1.2
💻
Apple

Tvos

<= 7.0.1

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
🔗 http://support.apple.com/HT204245
🔗 http://support.apple.com/HT204246
🔗 http://www.securityfocus.com/bid/72334
🔗 http://www.securitytracker.com/id/1031652
🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

関連する脆弱性情報

CVE-2009-220410.0

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitr...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2010-111910.0

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on ...