Main Vulnerability Database Vulnerabilities #VU41315

Information disclosure in macOS - CVE-2014-4403

Published: September 19, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41315

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-4403

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.

How to mitigate CVE-2014-4403

Install update from vendor's website.

Sources

http://support.apple.com/kb/HT6443
http://www.securityfocus.com/bid/69910
http://www.securitytracker.com/id/1030868
https://exchange.xforce.ibmcloud.com/vulnerabilities/96064

Information disclosure in macOS - CVE-2014-4403

Detailed vulnerability description

How to mitigate CVE-2014-4403

Sources

Please verify you're human