CVE-2014-4450 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-4450 PUBLISHED CVSS 1.899999976158142 LOW

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

EPSS 0.14% · 34.6th percentile

Risk Scores

CVSS v2.0

1.899999976158142

EPSS Score

0.14%

34.6th percentile

Affected Products

Vendor	Product	Versions
apple	iphone_os	0
n/a	n/a	n/a

Timeline

Oct 22, 2014 CVE Published
Jun 20, 2016 PoC Published
Jul 20, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://support.apple.com/kb/HT6541 advisory
1031077 vdb
appleios-cve20144450-info-disc(97666) vdb
APPLE-SA-2014-10-20-1 vendor-advisory
70660 vdb
https://nvd.nist.gov/vuln/detail/CVE-2014-4450 advisory

Open in Interactive Console →