返回 CVE 瀏覽器

CVE-2014-4486

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1420%

EPSS Percentile24.39th

Published2015年1月30日

Last Modified2026年5月6日

Vulnerability Description

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

Affected Platforms (CPE)

💻

Apple

Iphone Os

<= 8.1.2

💻

Apple

Mac Os X

<= 10.10.1

💻

Apple

Tvos

<= 7.0.1

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

🔗 http://support.apple.com/HT204244

🔗 http://support.apple.com/HT204245

🔗 http://support.apple.com/HT204246

🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

🔗 http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

相關漏洞威脅

CVE-2009-220410.0

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitr...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2010-111910.0

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on ...