CVE-2014-1320

MEDIUM

Description

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.

References

http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html

http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html

Details

Source: MITRE

Published: 2014-04-23

Updated: 2019-03-08

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM