CVE-2014-4492

Related Files

Mac OS X Networkd XPC Type Confusion Sandbox Escape

Posted Nov 17, 2015

Authored by Google Security Research, Ian Beer

networkd is the system daemon which implements the com.apple.networkd XPC service. It's unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network). networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value.

tags | exploit

systems | linux, apple

advisories | CVE-2014-4492

SHA-256 | 8f3b0d4e8a89ad64284b0b7f58567f82fed3eee85dac017382e0f65c2b11a7e5

Download | Favorite | View

Apple Security Advisory 2015-01-27-4

Posted Jan 28, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-01-27-4 - OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.

tags | advisory, overflow, arbitrary, vulnerability, code execution, info disclosure

systems | apple, osx

advisories | CVE-2011-2391, CVE-2014-1595, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-4371, CVE-2014-4389, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4426, CVE-2014-4460, CVE-2014-4461, CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4492, CVE-2014-4495, CVE-2014-4497, CVE-2014-4498, CVE-2014-4499, CVE-2014-6277

SHA-256 | 434e3bbf065d6ff22de4e7b85d71ce11a7811880de29f04e6a58af05a3e46a97

Download | Favorite | View

Apple Security Advisory 2015-01-27-2

Posted Jan 28, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-01-27-2 - iOS 8.1.3 is now available and addresses access bypass, arbitrary code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability, code execution

systems | cisco, apple, ios

advisories | CVE-2014-3192, CVE-2014-4455, CVE-2014-4459, CVE-2014-4465, CVE-2014-4466, CVE-2014-4467, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479, CVE-2014-4480, CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4492

SHA-256 | 7d9920a6997e5e7bb8e01611c7dce2b7e3e242c90d9a5c4edeb5181b8c7b8cf1

Download | Favorite | View

Apple Security Advisory 2015-01-27-1

Posted Jan 28, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-01-27-1 - Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, info disclosure

systems | apple

advisories | CVE-2014-3192, CVE-2014-4455, CVE-2014-4459, CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479, CVE-2014-4480, CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4492, CVE-2014-4495

SHA-256 | 5ccfb0bf060b8bfce712b760bdd4bdcf5bc236994aba26bbfdd77d093c7ee7bb

Download | Favorite | View