CVE-2014-4404

CVSS 7.8 HIGH · EPSS 49.0% · KEV · CWE-787
In short

A flaw in Apple's input device handling allows an app to crash the system or run dangerous code by sending specially crafted keyboard mapping data. This is critical because the affected code runs with high privileges, so a successful attack can fully compromise the device.

Technical detail

A heap-based buffer overflow in the IOHIDFamily kernel component allows local privilege escalation when a malicious application submits oversized key-mapping properties. The attack requires no user interaction beyond app installation and affects iOS before 8 and Apple TV before 7, enabling arbitrary code execution in kernel context.

Summary generated and translated by AI from the official description.
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a