ID

VAR-201403-0253


CVE

CVE-2014-1303


TITLE

Heap-based buffer overflow vulnerability in WebKit, as used in Apple Safari and other products

Trust: 0.8

sources: JVNDB: JVNDB-2014-001802

DESCRIPTION

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014. WebKit, as used in Apple Safari and other products, contains a heap-based buffer overflow vulnerability.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSS rules. The issue lies in the improper handling of CSSSelector elements. An attacker can leverage this vulnerability to execute code under the context of the current process.

WebKit is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will result in a denial-of-service condition. Note: This BID was previously titled 'Apple Safari Unspecified Heap Based Buffer Overflow Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected.

CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero

For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application.

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390.

Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+.

CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics.
CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative.
CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative.
CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer.
CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team.
CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.
CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero.
CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.
CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty.
CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer.
CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG.
CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team.
CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.
CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.
CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero.
CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team.
CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8.

For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html

The WebKitGTK+ team, January 26, 2015

APPLE-SA-2014-04-22-2 iOS 7.1.1

iOS 7.1.1 is now available and addresses the following:

CFNetwork HTTPProtocol
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position can obtain web site credentials
Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.
CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris

IOKit Kernel
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization
Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object.
CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative

Security - Secure Transport
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL
Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.
CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris

WebKit
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates.
You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "7.1.1".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 3.06

sources: NVD: CVE-2014-1303 // JVNDB: JVNDB-2014-001802 // ZDI: ZDI-14-091 // BID: 66242 // VULHUB: VHN-69242 // VULMON: CVE-2014-1303 // PACKETSTORM: 126271 // PACKETSTORM: 125981 // PACKETSTORM: 130110 // PACKETSTORM: 126270

AFFECTED PRODUCTS

vendor: apple // model: safari // scope: eq // version: 7.0.2

Trust: 1.6

vendor: apple // model: itunes // scope: lt // version: (windows)

Trust: 0.8

vendor: apple // model: tv // scope: lt // version: (apple tv first 2 after generation )

Trust: 0.8

vendor: apple // model: tv // scope: eq // version: 6.1.1

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: (ipad 2 or later )

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: (os x mountain lion v10.8.5)

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: (os x mavericks v10.9.2)

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: 7.x (os x lion v10.7.5)

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: 7.x (os x mountain lion v10.8.5)

Trust: 0.8

vendor: apple // model: safari // scope: eq // version: 7.0.3

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: (ipod touch first 5 after generation )

Trust: 0.8

vendor: apple // model: ios // scope: eq // version: 7.1.1

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: 7.x (os x lion server v10.7.5)

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: (os x lion server v10.7.5)

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: (iphone 4 or later )

Trust: 0.8

vendor: apple // model: safari // scope: eq // version: 6.1.3

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: (os x lion v10.7.5)

Trust: 0.8

vendor: apple // model: safari // scope: lt // version: 7.x (os x mavericks v10.9.2)

Trust: 0.8

vendor: apple // model: itunes // scope: eq // version: 12.0.1

Trust: 0.8

vendor: apple // model: safari // scope: - // version: -

Trust: 0.7

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.5

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.3

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.2

Trust: 0.3

vendor: webkit // model: open source project webkit r82222 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r77705 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r52833 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r52401 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r51295 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r38566 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r105591 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 2

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.x

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.2-1

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 0

Trust: 0.3

vendor: esignal // model: esignal // scope: eq // version: 6.0.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 10.5.1

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.2.1

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.0.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.0.1.8

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.0.1

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.0

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 7.3.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 7.3.1

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 7.3

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 6.0

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 5.0

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 4.7

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 4.5

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 4.2.72

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 9.1

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 8.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 8.1

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 8.0.2.20

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 7.4

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 10.6

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 10.5

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 10.2.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 10.2

Trust: 0.3

vendor: apple // model: itunes // scope: eq // version: 10

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 4.0

Trust: 0.3

vendor: apple // model: tv // scope: eq // version: 5.0

Trust: 0.3

vendor: apple // model: tv // scope: eq // version: 4.0

Trust: 0.3

sources: ZDI: ZDI-14-091 // BID: 66242 // JVNDB: JVNDB-2014-001802 // CNNVD: CNNVD-201403-462 // NVD: CVE-2014-1303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1303
value: HIGH

Trust: 1.0

NVD: CVE-2014-1303
value: HIGH

Trust: 0.8

ZDI: CVE-2014-1303
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201403-462
value: CRITICAL

Trust: 0.6

VULHUB: VHN-69242
value: HIGH

Trust: 0.1

VULMON: CVE-2014-1303
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-1303
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2014-1303
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-69242
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-14-091 // VULHUB: VHN-69242 // VULMON: CVE-2014-1303 // JVNDB: JVNDB-2014-001802 // CNNVD: CNNVD-201403-462 // NVD: CVE-2014-1303

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-69242 // JVNDB: JVNDB-2014-001802 // NVD: CVE-2014-1303

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-462

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201403-462

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001802

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-69242 // VULMON: CVE-2014-1303

PATCH

title: HT6181 // url: http://support.apple.com/kb/HT6181

Trust: 1.5

title: HT6208 // url: http://support.apple.com/kb/HT6208

Trust: 0.8

title: HT6209 // url: http://support.apple.com/kb/HT6209

Trust: 0.8

title: HT6537 // url: http://support.apple.com/en-eu/HT6537

Trust: 0.8

title: HT6208 // url: http://support.apple.com/kb/HT6208?viewlocale=ja_JP

Trust: 0.8

title: HT6209 // url: http://support.apple.com/kb/HT6209?viewlocale=ja_JP

Trust: 0.8

title: HT6537 // url: http://support.apple.com/ja-jp/HT6537

Trust: 0.8

title: HT6181 // url: http://support.apple.com/kb/HT6181?viewlocale=ja_JP

Trust: 0.8

title: Red Hat: CVE-2014-1303 // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-1303

Trust: 0.1

title: PS4-2014-1303-POC // url: https://github.com/Fire30/PS4-2014-1303-POC

Trust: 0.1

title: Awesome-PS4-Jailbreak // url: https://github.com/IH0kN3m/Awesome-PS4-Jailbreak

Trust: 0.1

sources: ZDI: ZDI-14-091 // VULMON: CVE-2014-1303 // JVNDB: JVNDB-2014-001802

EXTERNAL IDS

db: NVD // id: CVE-2014-1303

Trust: 4.0

db: JVN // id: JVNVU94409290

Trust: 0.8

db: JVN // id: JVNVU95860341

Trust: 0.8

db: JVN // id: JVNVU97537282

Trust: 0.8

db: JVNDB // id: JVNDB-2014-001802

Trust: 0.8

db: ZDI_CAN // id: ZDI-CAN-2221

Trust: 0.7

db: ZDI // id: ZDI-14-091

Trust: 0.7

db: CNNVD // id: CNNVD-201403-462

Trust: 0.7

db: BID // id: 66242

Trust: 0.4

db: EXPLOIT-DB // id: 44204

Trust: 0.2

db: SEEBUG // id: SSVID-61971

Trust: 0.1

db: VULHUB // id: VHN-69242

Trust: 0.1

db: VULMON // id: CVE-2014-1303

Trust: 0.1

db: PACKETSTORM // id: 126271

Trust: 0.1

db: PACKETSTORM // id: 125981

Trust: 0.1

db: PACKETSTORM // id: 130110

Trust: 0.1

db: PACKETSTORM // id: 126270

Trust: 0.1

sources: ZDI: ZDI-14-091 // VULHUB: VHN-69242 // VULMON: CVE-2014-1303 // BID: 66242 // JVNDB: JVNDB-2014-001802 // PACKETSTORM: 126271 // PACKETSTORM: 125981 // PACKETSTORM: 130110 // PACKETSTORM: 126270 // CNNVD: CNNVD-201403-462 // NVD: CVE-2014-1303

REFERENCES

url:http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/

Trust: 2.6

url:http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html

Trust: 2.0

url:http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html

Trust: 2.0

url:http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html

Trust: 2.0

url:http://twitter.com/thezdi/statuses/444157530139136000

Trust: 1.8

url:https://support.apple.com/kb/ht6537

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1303

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94409290/

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95860341/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97537282/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1303

Trust: 0.8

url:http://support.apple.com/kb/ht6181

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-1304

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1309

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1308

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1300

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1311

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1313

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1298

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1305

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1303

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1299

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-2871

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2014-1307

Trust: 0.4

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://support.apple.com/kb/ht1222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1312

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1713

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:http://gpgtools.org

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1310

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1302

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1296

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1320

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1295

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1292

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-1297

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://github.com/fire30/ps4-2014-1303-poc

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33781

Trust: 0.1

url:https://github.com/ih0kn3m/awesome-ps4-jailbreak

Trust: 0.1

url:https://www.exploit-db.com/exploits/44204/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1290

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1301

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1334

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1337

Trust: 0.1

url:http://webkitgtk.org/security/wsa-2015-0001.html

Trust: 0.1

url:http://webkitgtk.org/security.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1326

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1338

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1323

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1339

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1329

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1330

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

sources: ZDI: ZDI-14-091 // VULHUB: VHN-69242 // VULMON: CVE-2014-1303 // BID: 66242 // JVNDB: JVNDB-2014-001802 // PACKETSTORM: 126271 // PACKETSTORM: 125981 // PACKETSTORM: 130110 // PACKETSTORM: 126270 // CNNVD: CNNVD-201403-462 // NVD: CVE-2014-1303

CREDITS

Liang Chen of KeenTeam

Trust: 0.7

sources: ZDI: ZDI-14-091

SOURCES

db: ZDI // id: ZDI-14-091
db: VULHUB // id: VHN-69242
db: VULMON // id: CVE-2014-1303
db: BID // id: 66242
db: JVNDB // id: JVNDB-2014-001802
db: PACKETSTORM // id: 126271
db: PACKETSTORM // id: 125981
db: PACKETSTORM // id: 130110
db: PACKETSTORM // id: 126270
db: CNNVD // id: CNNVD-201403-462
db: NVD // id: CVE-2014-1303

LAST UPDATE DATE

2025-04-13T21:15:35.255000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-14-091 // date: 2014-04-11T00:00:00
db: VULHUB // id: VHN-69242 // date: 2016-12-08T00:00:00
db: VULMON // id: CVE-2014-1303 // date: 2016-12-08T00:00:00
db: BID // id: 66242 // date: 2015-03-19T09:07:00
db: JVNDB // id: JVNDB-2014-001802 // date: 2014-11-20T00:00:00
db: CNNVD // id: CNNVD-201403-462 // date: 2014-04-03T00:00:00
db: NVD // id: CVE-2014-1303 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI // id: ZDI-14-091 // date: 2014-04-11T00:00:00
db: VULHUB // id: VHN-69242 // date: 2014-03-26T00:00:00
db: VULMON // id: CVE-2014-1303 // date: 2014-03-26T00:00:00
db: BID // id: 66242 // date: 2014-03-14T00:00:00
db: JVNDB // id: JVNDB-2014-001802 // date: 2014-03-27T00:00:00
db: PACKETSTORM // id: 126271 // date: 2014-04-23T00:10:03
db: PACKETSTORM // id: 125981 // date: 2014-04-02T11:02:22
db: PACKETSTORM // id: 130110 // date: 2015-01-27T19:15:58
db: PACKETSTORM // id: 126270 // date: 2014-04-23T00:06:50
db: CNNVD // id: CNNVD-201403-462 // date: 2014-03-27T00:00:00
db: NVD // id: CVE-2014-1303 // date: 2014-03-26T14:55:05.773