CVE-2014-4492 in iOS
요약 (영어)
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
예약하다
2014. 06. 20.
공개
2015. 01. 30.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 68937 | Apple iOS libnetcore | 19 | 개념 증명 | 공식 수정 | CVE-2014-4492 |
| 68902 | Apple Mac OS X libnetcore | 19 | 개념 증명 | 공식 수정 | CVE-2014-4492 |