Lucene search
HistoryFeb 27, 2014 - 1:55 a.m.
CVE-2014-1255
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.3%
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.
Affected configurations
Node
applemac_os_xRange≤10.9.1
ORapplemac_os_xMatch10.9
References
Related
cve
cve
CVE-2014-1255
2014-02-27 01:55:03
hackerone
hackerone
Sandbox Escape: OSX ATS arbitrary free issue may lead to App Sandbox bypass
2014-02-26 00:00:00
cvelist
cvelist
CVE-2014-1255
2014-02-27 01:00:00
prion
prion
Design/Logic Flaw
2014-02-27 01:55:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities -07 (Sep 2014)
2014-09-22 00:00:00
seebug
seebug
Apple Mac OS X多个安全漏洞(APPLE-SA-2014-02-25-1)
2014-02-26 00:00:00
nessus
nessus
Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities
2014-02-25 00:00:00
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2014-02-28 00:00:00
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
2014-02-28 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.3%
Related for NVD:CVE-2014-1255