CVE-2014-4492

Name of the Vulnerable Software and Affected Versions libnetcore in Apple iOS versions prior to 8.1.3 libnetcore in Apple OS X versions prior to 10.10.2 libnetcore in Apple TV versions prior to 7.0.3

Description The issue allows attackers to execute arbitrary code in a networkd context via a crafted XPC message from a sandboxed app. This is due to the lack of verification of certain values' data types, including the XPC dictionary data type.

Recommendations For libnetcore in Apple iOS versions prior to 8.1.3, update to version 8.1.3 or later. For libnetcore in Apple OS X versions prior to 10.10.2, update to version 10.10.2 or later. For libnetcore in Apple TV versions prior to 7.0.3, update to version 7.0.3 or later.