CVE-2014-4450
low
CVSS v3
—
CVSS v2
1.9
VIR risk
1.9
Description
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/kb/HT6541
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | |
References
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70660
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97666
- https://support.apple.com/kb/HT6541
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70660
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97666
- https://support.apple.com/kb/HT6541
CWEs
CWE-255
Verify integrity in audit chain (admin only). AS-IS.