Vulnerabilities

CVE-2014-4492

by Fred · 30/01/2015

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.

Date published : 2015-01-30

http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html

http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html

Similar

Tags: Cybersecurity Alert