Main Vulnerability Database Vulnerabilities #VU41513

Permissions, Privileges, and Access Controls in macOS - CVE-2014-1372

Published: July 1, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41513

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-1372

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.

How to mitigate CVE-2014-1372

Install update from vendor's website.

Sources

http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
http://secunia.com/advisories/59475
http://support.apple.com/kb/HT6296
http://www.securitytracker.com/id/1030505
https://code.google.com/p/google-security-research/issues/detail?id=18

Permissions, Privileges, and Access Controls in macOS - CVE-2014-1372

Detailed vulnerability description

How to mitigate CVE-2014-1372

Sources

Please verify you're human