ID

VAR-201501-0618


CVE

CVE-2014-4496


TITLE

Apple iOS and Apple TV Of the kernel mach_port_kobject In the interface ASLR Vulnerabilities that circumvent protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2015-001287

DESCRIPTION

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. Multiple Apple products are prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect AppleFileConduit, Kernel, and WebKit components. Attackers can exploit these issues to bypass security restrictions, disclose information, and perform other attacks. Both Apple iOS and Apple TV are products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product. The vulnerability stems from the fact that the program does not correctly limit the kernel-address and heap-permutation information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-3 Security Update 2015-002 Security Update 2015-002 is now available and addresses the following: iCloud Keychain Available for: OS X Yosemite v10.10.2 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1065 : Andrey Belenko of NowSecure IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An off by one issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1066 : Ian Beer of Google Project Zero IOSurface Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero Kernel Available for: OS X Yosemite v10.10.2 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations. CVE-ID CVE-2014-4496 : TaiG Jailbreak Team Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris Security Update 2015-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJU/fmlAAoJEBcWfLTuOo7tiDQP/2pmrat21oSpVVCytKMELXhx QJ3IERRNcNOI/toYqEei7WH8XeiIBo2Eq2IRrxuNPqILEDJDzv47UfmyN9jwfgoo R73nGHR1NwbhlvB6ckfSRqb0uLGmT3Gs+fSQSEVzlWJfrUjqwWEQwZIZubEKW4DK F9PoKormSyciv+g0Aw0A4WvFTfAeM3qUcq3I6bIqSM76tUhzuq63TOz5e6KGoAvp VHm34OvVU/vt0YLvi3kw5mbxisYfJPyrfTzSRdD7ATvsPc8LGWP4tG46cKy6lBVe 7T7T5lb0ApRl7JEvy37KZCMvvd+OQr2YZA8HE06FrfGw8QvoQSKaHVMxib7shq1i but+lmTi7SUO3OY/5CqpJlSYUdaS3wTTEF6VuI3tsdHsGNNH1zync2+UmSKpIzyR TxbGyyozbdZ+R83ULE0jar9BsDFQR9VSNiNqDB89Y3Rx6rcePFXlQ1W2J7/yhS+N kYrlbNLeZdPFHfVKS+rl/spbEkOi+jp/W2NoBTRGwOU6eED5/YE6WN6podZZKW9b I3NWRzFnxtpk9Y/UldV1iPlZJQzTf8smP7dUZcweCDrFQg8QLhETENG0f4r2/30u i6DSLoFrdFE1Z1+mF3SG9++9f+PSvOXqt7iRrYJMyoPWbKtb9gxIOs8mK5T/D+vu TJDXCjMND7F2ZJFRim/F =7PU8 -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2014-4496 // JVNDB: JVNDB-2015-001287 // BID: 72334 // VULHUB: VHN-72436 // PACKETSTORM: 130743

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:lteversion:7.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.1.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.2

Trust: 0.8

vendor:applemodel:tvscope:ltversion:7.0.3 (apple tv first 3 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.1.3 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.1.3 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.1.3 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.1.2

Trust: 0.6

vendor:applemodel:tvscope:eqversion:7.0.2

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:1.0

Trust: 0.3

sources: BID: 72334 // JVNDB: JVNDB-2015-001287 // CNNVD: CNNVD-201501-753 // NVD: CVE-2014-4496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4496
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4496
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-753
value: MEDIUM

Trust: 0.6

VULHUB: VHN-72436
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4496
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-72436
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-72436 // JVNDB: JVNDB-2015-001287 // CNNVD: CNNVD-201501-753 // NVD: CVE-2014-4496

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-72436 // JVNDB: JVNDB-2015-001287 // NVD: CVE-2014-4496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-753

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201501-753

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001287

PATCH

title:APPLE-SA-2015-01-27-2 iOS 8.1.3url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

Trust: 0.8

title:APPLE-SA-2015-01-27-1 Apple TV 7.0.3url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

Trust: 0.8

title:APPLE-SA-2015-03-09-3 Security Update 2015-002url:http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html

Trust: 0.8

title:HT204245url:http://support.apple.com/en-us/HT204245

Trust: 0.8

title:HT204246url:http://support.apple.com/en-us/HT204246

Trust: 0.8

title:HT204413url:https://support.apple.com/en-us/HT204413

Trust: 0.8

title:HT204245url:http://support.apple.com/ja-jp/HT204245

Trust: 0.8

title:HT204246url:http://support.apple.com/ja-jp/HT204246

Trust: 0.8

title:HT204413url:http://support.apple.com/ja-jp/HT204413

Trust: 0.8

sources: JVNDB: JVNDB-2015-001287

EXTERNAL IDS

db:NVDid:CVE-2014-4496

Trust: 2.9

db:BIDid:72334

Trust: 2.0

db:SECTRACKid:1031652

Trust: 1.7

db:JVNid:JVNVU90171154

Trust: 0.8

db:JVNid:JVNVU96447236

Trust: 0.8

db:JVNDBid:JVNDB-2015-001287

Trust: 0.8

db:CNNVDid:CNNVD-201501-753

Trust: 0.7

db:PACKETSTORMid:130743

Trust: 0.2

db:VULHUBid:VHN-72436

Trust: 0.1

sources: VULHUB: VHN-72436 // BID: 72334 // JVNDB: JVNDB-2015-001287 // PACKETSTORM: 130743 // CNNVD: CNNVD-201501-753 // NVD: CVE-2014-4496

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/jan/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/jan/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/mar/msg00002.html

Trust: 1.7

url:http://www.securityfocus.com/bid/72334

Trust: 1.7

url:http://support.apple.com/ht204245

Trust: 1.7

url:http://support.apple.com/ht204246

Trust: 1.7

url:https://support.apple.com/ht204413

Trust: 1.7

url:http://www.securitytracker.com/id/1031652

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4496

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96447236/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90171154/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4496

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:https://www.apple.com/in/appletv/

Trust: 0.3

url:http://support.apple.com/kb/ht1222?viewlocale=en_us

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-1065

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1066

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4496

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1067

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1061

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

sources: VULHUB: VHN-72436 // BID: 72334 // JVNDB: JVNDB-2015-001287 // PACKETSTORM: 130743 // CNNVD: CNNVD-201501-753 // NVD: CVE-2014-4496

CREDITS

TaiG Jailbreak Team and Rennie deGraaf of iSEC Partners

Trust: 0.3

sources: BID: 72334

SOURCES

db:VULHUBid:VHN-72436
db:BIDid:72334
db:JVNDBid:JVNDB-2015-001287
db:PACKETSTORMid:130743
db:CNNVDid:CNNVD-201501-753
db:NVDid:CVE-2014-4496

LAST UPDATE DATE

2025-04-13T22:07:04.947000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-72436date:2019-03-08T00:00:00
db:BIDid:72334date:2016-01-12T02:16:00
db:JVNDBid:JVNDB-2015-001287date:2015-03-13T00:00:00
db:CNNVDid:CNNVD-201501-753date:2019-03-13T00:00:00
db:NVDid:CVE-2014-4496date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-72436date:2015-01-30T00:00:00
db:BIDid:72334date:2015-01-27T00:00:00
db:JVNDBid:JVNDB-2015-001287date:2015-02-12T00:00:00
db:PACKETSTORMid:130743date:2015-03-10T16:20:32
db:CNNVDid:CNNVD-201501-753date:2015-01-30T00:00:00
db:NVDid:CVE-2014-4496date:2015-01-30T11:59:25.297