#VU41769 Information disclosure in macOS - CVE-2014-1322

Cybersecurity Help s.r.o.

Published: 2014-04-23 | Updated: 2021-02-04

Vulnerability identifier: #VU41769

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2014-1322

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

Mitigation
Install update from vendor's website.

Vulnerable software versions

macOS: 10.9 - 10.9.1

External links
https://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Information disclosure in Apple MAC OS X