Details of VAR-201501-0636

ID

VAR-201501-0636

CVE

CVE-2014-4493

TITLE

Apple iOS of MobileInstallation of app-installation Vulnerability in function that gains control of local application container

Trust: 0.8

sources: JVNDB: JVNDB-2015-001291

DESCRIPTION

The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. Apple iOS is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect iTunes Store, MobileInstallation, Springboard, and WebKit components. Attackers can exploit these issues to gain unauthorized access, perform unauthorized actions, bypass security restrictions, and perform other attacks. These issues affect iOS versions prior to 8.1.3. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. MobileInstallation is a necessary component to install AppStore cracked software

Trust: 1.98

sources: NVD: CVE-2014-4493 // JVNDB: JVNDB-2015-001291 // BID: 72333 // VULHUB: VHN-72433

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.1.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	8.1.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.1.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.1.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.1.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 72333 // JVNDB: JVNDB-2015-001291 // CNNVD: CNNVD-201501-713 // NVD: CVE-2014-4493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4493
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-4493
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201501-713
value:	HIGH
Trust: 0.6
VULHUB:	VHN-72433
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-4493
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-72433
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72433 // JVNDB: JVNDB-2015-001291 // CNNVD: CNNVD-201501-713 // NVD: CVE-2014-4493

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-72433 // JVNDB: JVNDB-2015-001291 // NVD: CVE-2014-4493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-713

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201501-713

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001291

PATCH

title:	APPLE-SA-2015-01-27-2	url:	http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html	Trust: 0.8
title:	HT204245	url:	http://support.apple.com/en-us/HT204245	Trust: 0.8
title:	HT204245	url:	http://support.apple.com/ja-jp/HT204245	Trust: 0.8

sources: JVNDB: JVNDB-2015-001291

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4493	Trust: 2.8
db:	SECTRACK	id:	1031652	Trust: 1.1
db:	BID	id:	72333	Trust: 0.9
db:	JVN	id:	JVNVU96447236	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001291	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-713	Trust: 0.7
db:	VULHUB	id:	VHN-72433	Trust: 0.1

sources: VULHUB: VHN-72433 // BID: 72333 // JVNDB: JVNDB-2015-001291 // CNNVD: CNNVD-201501-713 // NVD: CVE-2014-4493

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/jan/msg00001.html	Trust: 1.7
url:	http://support.apple.com/ht204245	Trust: 1.7
url:	http://www.securitytracker.com/id/1031652	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4493	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96447236/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4493	Trust: 0.8
url:	http://www.securityfocus.com/bid/72333	Trust: 0.6
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-72433 // BID: 72333 // JVNDB: JVNDB-2015-001291 // CNNVD: CNNVD-201501-713 // NVD: CVE-2014-4493

CREDITS

lokihardt@ASRT working with HP's Zero Day Initiative , Jordan Milne, Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.

Trust: 0.9

sources: BID: 72333 // CNNVD: CNNVD-201501-713

SOURCES

db:	VULHUB	id:	VHN-72433
db:	BID	id:	72333
db:	JVNDB	id:	JVNDB-2015-001291
db:	CNNVD	id:	CNNVD-201501-713
db:	NVD	id:	CVE-2014-4493

LAST UPDATE DATE

2025-04-12T19:55:39.595000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72433	date:	2015-11-17T00:00:00
db:	BID	id:	72333	date:	2015-02-04T00:01:00
db:	JVNDB	id:	JVNDB-2015-001291	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201501-713	date:	2015-02-02T00:00:00
db:	NVD	id:	CVE-2014-4493	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72433	date:	2015-01-30T00:00:00
db:	BID	id:	72333	date:	2015-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-001291	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201501-713	date:	2015-01-27T00:00:00
db:	NVD	id:	CVE-2014-4493	date:	2015-01-30T11:59:22.517