Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2014-1372 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
macOS Operating systems & Components / Operating system |
Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU41513
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-1372
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 10.8.0 - 10.9.2
CPE2.3 External linkshttp://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
http://secunia.com/advisories/59475
http://support.apple.com/kb/HT6296
http://www.securitytracker.com/id/1030505
http://code.google.com/p/google-security-research/issues/detail?id=18
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.