CVE-2014-1320

2014-04-2311:52:00

CWE-200

[email protected]

web.nvd.nist.gov

iokit

apple

ios

os x

apple tv

cve-2014-1320

aslr

local users

security vulnerability

nvd

5.6 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.03 Low

EPSS

Percentile

90.8%

JSON

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.9
apple:mac_os_xapple mac os xeq10.9.1
apple:mac_os_xapple mac os xle10.9.2
apple:iphone_osapple iphone oseq7.0.4
apple:iphone_osapple iphone osle7.1
apple:iphone_osapple iphone oseq7.0.5
apple:iphone_osapple iphone oseq7.0.6
apple:iphone_osapple iphone oseq7.0.1
apple:iphone_osapple iphone oseq7.0.2
apple:iphone_osapple iphone oseq7.0

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.9
apple:mac_os_x	apple mac os x	eq	10.9.1
apple:mac_os_x	apple mac os x	le	10.9.2
apple:iphone_os	apple iphone os	eq	7.0.4
apple:iphone_os	apple iphone os	le	7.1
apple:iphone_os	apple iphone os	eq	7.0.5
apple:iphone_os	apple iphone os	eq	7.0.6
apple:iphone_os	apple iphone os	eq	7.0.1
apple:iphone_os	apple iphone os	eq	7.0.2
apple:iphone_os	apple iphone os	eq	7.0