CVE-2014-4457 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-4457 PUBLISHED CVSS 7.5 HIGH

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

EPSS 1.11% · 78.1th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

1.11%

78.1th percentile

Affected Products

Vendor	Product	Versions
apple	iphone_os	0, 8.0, 8.0.1
n/a	n/a	n/a

Timeline

Nov 18, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://support.apple.com/en-us/HT6592 advisory
https://support.apple.com/en-us/HT6591 advisory
https://support.apple.com/en-us/HT6590 advisory
APPLE-SA-2014-11-17-1 vendor-advisory
appleios-cve20144457-sec-bypass(98777) vdb
71143 vdb
1031232 vdb
https://support.apple.com/en-us/HT204418 url
https://nvd.nist.gov/vuln/detail/CVE-2014-4457 advisory

Open in Interactive Console →