Main Vulnerability Database SB2014042314

SB2014042314 - Information disclosure in Apple MAC OS X

Published: April 23, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014042314

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2014-1322)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

Remediation

Install update from vendor's website.

References

http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html