QwikSec

Security Database

CVE

CWE

Training

CVE-2014-4492

Published: Jan 30, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html

x_refsource_MISC

https://code.google.com/p/google-security-research/issues/detail?id=92

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

http://support.apple.com/HT204245

x_refsource_CONFIRM

http://support.apple.com/HT204246

x_refsource_CONFIRM

APPLE-SA-2015-01-27-2

vendor-advisory

x_refsource_APPLE

http://support.apple.com/HT204244

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

APPLE-SA-2015-01-27-1

vendor-advisory

x_refsource_APPLE

APPLE-SA-2015-01-27-4

vendor-advisory

x_refsource_APPLE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.