Arbitrary Code Execution Vulnerability in IOKit Metadata Validation

CVE-2014-4388 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.

Learn more about our Cis Benchmark Audit For Apple Ios.