The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html | Third Party Advisory |
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html | Third Party Advisory |
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html | Third Party Advisory |
https://support.apple.com/kb/HT6535 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html | Mailing List Vendor Advisory |
http://support.apple.com/HT204244 | Vendor Advisory |
http://www.securitytracker.com/id/1030866 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/69919 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/69882 | Third Party Advisory VDB Entry |
http://support.apple.com/kb/HT6442 | Vendor Advisory |
http://support.apple.com/kb/HT6441 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100 | VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2014-09-18 03:55
Updated : 2019-11-07 07:36
NVD link : CVE-2014-4371
Mitre link : CVE-2014-4371
JSON object : View
CWE
CWE-665
Improper Initialization
Products Affected
apple
- mac_os_x
- tvos
- iphone_os