First published: Fri Jan 30 2015(Updated: )
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
iPhone OS | <=8.1.2 | |
Apple iOS and macOS | <=10.10.1 | |
tvOS | <=7.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-4495 has a medium severity rating due to the potential for attackers to bypass access restrictions.
To fix CVE-2014-4495, update your Apple iOS to version 8.1.3 or later, macOS to version 10.10.2 or later, and tvOS to version 7.0.3 or later.
CVE-2014-4495 affects iOS versions prior to 8.1.3, macOS versions before 10.10.2, and tvOS versions before 7.0.3.
Exploiting CVE-2014-4495 can potentially allow for unauthorized access but does not directly lead to remote code execution.
CVE-2014-4495 is a permissive access control vulnerability in the kernel related to shared memory segments.