CVE-2014-1256

HIGH

Description

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

References

http://support.apple.com/kb/HT6150

Details

Source: MITRE

Published: 2014-02-27

Updated: 2014-02-27

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.7.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.9.1 (inclusive)

cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.7.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.7.4:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*

Tenable Plugins

View all (3 total)

ID	Name	Product	Family	Severity
8138	Mac OS X < 10.9.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
72688	Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)	Nessus	MacOS X Local Security Checks	critical
72687	Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical