Vulnerability in N/a
CVE-2014-4404
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
EPSS: 0.620 (98.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- support.apple.com/HT204659 (x_refsource_CONFIRM)
- support.apple.com/kb/HT6441 (x_refsource_CONFIRM)
- 1030866 (vdb-entry, x_refsource_SECTRACK)
- 69947 (vdb-entry, x_refsource_BID)
- support.apple.com/kb/HT6442 (x_refsource_CONFIRM)
- APPLE-SA-2014-10-16-1 (vendor-advisory, x_refsource_APPLE)
- APPLE-SA-2014-09-17-2 (vendor-advisory, x_refsource_APPLE)
- 69882 (vdb-entry, x_refsource_BID)
- appleios-cve20144404-bo(96111) (vdb-entry, x_refsource_XF)
- APPLE-SA-2015-04-08-2 (vendor-advisory, x_refsource_APPLE)
Frequently asked questions
- What is CVE-2014-4404?
- CVE-2014-4404 is a vulnerability in N/a. Published 2014-09-18.
- Is CVE-2014-4404 known to be exploited?
- Yes. CVE-2014-4404 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-02-10), indicating it is being actively exploited. 3 public proof-of-concept repositories are indexed.