CVE-2014-4492 in iOSinfo

Summary

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

06/20/2014

Disclosure

01/30/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
68937	Apple iOS libnetcore data processing	19	Proof-of-Concept	Official fix	CVE-2014-4492
68902	Apple Mac OS X libnetcore data processing	19	Proof-of-Concept	Official fix	CVE-2014-4492

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!