CVE-2014-4455 - Vulnerability Details - OpenCVE

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Tvos

Configuration 1 [-]

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:tvos:6.0:::::::*
	cpe:2.3:o:apple:tvos:6.0.1:::::::*
	cpe:2.3:o:apple:tvos:6.0.2:::::::*
	cpe:2.3:o:apple:tvos:6.1:::::::*
	cpe:2.3:o:apple:tvos:6.1.1:::::::*
	cpe:2.3:o:apple:tvos:6.1.2:::::::*
	cpe:2.3:o:apple:tvos:6.2:::::::*
	cpe:2.3:o:apple:tvos:6.2.1:::::::*
	cpe:2.3:o:apple:tvos:7.0:::::::*
	cpe:2.3:o:apple:tvos:7.0.1:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
http://support.apple.com/HT204245
http://support.apple.com/HT204246
http://www.securityfocus.com/bid/71140
http://www.securitytracker.com/id/1031231
https://exchange.xforce.ibmcloud.com/vulnerabilities/98773
https://support.apple.com/en-us/HT204418
https://support.apple.com/en-us/HT204420
https://support.apple.com/en-us/HT6590
https://support.apple.com/en-us/HT6592

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2014-11-18T11:00:00

Updated: 2024-08-06T11:20:25.955Z

Reserved: 2014-06-20T00:00:00

Link: CVE-2014-4455

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-18T11:59:03.747

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-4455

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2014-11-17-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/HT204245"}, {"name": "APPLE-SA-2014-11-17-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/HT204246"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/en-us/HT6590"}, {"name": "1031231", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031231"}, {"name": "APPLE-SA-2015-01-27-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"}, {"name": "appletv-cve20144455-code-exec(98773)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98773"}, {"name": "APPLE-SA-2015-01-27-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"}, {"name": "71140", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71140"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/en-us/HT204420"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/en-us/HT204418"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/en-us/HT6592"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2014-4455", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2014-11-17-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"}, {"name": "http://support.apple.com/HT204245", "refsource": "CONFIRM", "url": "http://support.apple.com/HT204245"}, {"name": "APPLE-SA-2014-11-17-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"}, {"name": "http://support.apple.com/HT204246", "refsource": "CONFIRM", "url": "http://support.apple.com/HT204246"}, {"name": "https://support.apple.com/en-us/HT6590", "refsource": "CONFIRM", "url": "https://support.apple.com/en-us/HT6590"}, {"name": "1031231", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031231"}, {"name": "APPLE-SA-2015-01-27-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"}, {"name": "appletv-cve20144455-code-exec(98773)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98773"}, {"name": "APPLE-SA-2015-01-27-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"}, {"name": "71140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71140"}, {"name": "https://support.apple.com/en-us/HT204420", "refsource": "CONFIRM", "url": "https://support.apple.com/en-us/HT204420"}, {"name": "https://support.apple.com/en-us/HT204418", "refsource": "CONFIRM", "url": "https://support.apple.com/en-us/HT204418"}, {"name": "https://support.apple.com/en-us/HT6592", "refsource": "CONFIRM", "url": "https://support.apple.com/en-us/HT6592"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:20:25.955Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2014-11-17-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/HT204245"}, {"name": "APPLE-SA-2014-11-17-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/HT204246"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/en-us/HT6590"}, {"name": "1031231", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031231"}, {"name": "APPLE-SA-2015-01-27-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"}, {"name": "appletv-cve20144455-code-exec(98773)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98773"}, {"name": "APPLE-SA-2015-01-27-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"}, {"name": "71140", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71140"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/en-us/HT204420"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/en-us/HT204418"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/en-us/HT6592"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2014-4455", "datePublished": "2014-11-18T11:00:00", "dateReserved": "2014-06-20T00:00:00", "dateUpdated": "2024-08-06T11:20:25.955Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "31944D25-25B6-4EA4-92B0-6B03921E0CCE", "versionEndIncluding": "8.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C32F3FB-EBDF-4A80-B7D9-42EDEF5DC6F4", "versionEndIncluding": "7.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5365205F-B91D-4123-8CFD-EA42E0DEA944", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7F676-5ACC-4330-9591-465CA8AF77AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D5314D7F-8352-41F5-A155-5E5392C58ABF", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "36567F18-DE70-4189-A52E-A0376C779B7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5EA1745A-E240-462A-BDA9-200DB6AC112F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC814F33-E1D4-4910-BD1C-2C002D734415", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CBE682D-CC59-463E-B122-1BDEC8989AD3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "874EF671-49AA-4F0A-B656-60E66DFBB70B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BEE6A417-B836-4A74-AF3B-990B61D6EFC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D1EE7DC-E10C-4A34-AF32-03A9DC920BBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file."}, {"lang": "es", "value": "dyld en Apple iOS anterior a 8.1.1 y Apple TV anterior a 7.0.2 no gestiona correctamente los segmentos superpuestos en archivos ejecutables de Mach-O lo que permite a usuarios locales eludir las restricciones de la firma de c\u00f3digo a trav\u00e9s de un archivo manipulado."}], "evaluatorComment": "Per an <a href=\"http://support.apple.com/en-us/HT204246\">Apple Security Advisory</a> Apple TV before 7.0.3 was also vulnerable.\nPer an <a href=\"http://support.apple.com/en-us/HT204245\">Apple Security Advisory</a> Apple iOS before 8.1.3 was also vulnerable.\n\nThese product additions are reflected in the vulnerable configuration.", "id": "CVE-2014-4455", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-18T11:59:03.747", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/HT204245"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/HT204246"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/71140"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1031231"}, {"source": "product-security@apple.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98773"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT204418"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/HT204420"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT6590"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT6592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/HT204245"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/HT204246"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031231"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98773"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/en-us/HT204418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/en-us/HT204420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT6590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT6592"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}