CVE-2014-8840

Опубликовано: 30 янв. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

Ссылки

http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
Vendor Advisory
http://support.apple.com/HT204245
Vendor Advisory
http://www.securitytracker.com/id/1031652
http://zerodayinitiative.com/advisories/ZDI-15-010/
https://exchange.xforce.ibmcloud.com/vulnerabilities/100533
http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
Vendor Advisory
http://support.apple.com/HT204245
Vendor Advisory
http://www.securitytracker.com/id/1031652
http://zerodayinitiative.com/advisories/ZDI-15-010/
https://exchange.xforce.ibmcloud.com/vulnerabilities/100533

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 8.1.2 (включая)

EPSS

Процентиль: 56%

0.00333

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-5556-cw4f-pcjm

github

больше 3 лет назад