Permissions, Privileges, and Access Controls in tvOS - CVE-2014-1279
Published: March 14, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41918
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-1279
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
tvOS
tvOS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.
How to mitigate CVE-2014-1279
Install update from vendor's website.