CVE-2014-8817
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.
coresymbolicationd en CoreSymbolication en Apple OS X anterior a 10.10.2 no verifica que los tipos de datos esperados están presentes en los mensajes XPC, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada, tal y como fue demostrado mediante la falta de verificación de valores de retorno de la API xpc_dictionary_get_value durante el manejo de un comando (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, o (4) read_mmap_archive.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-14 CVE Reserved
- 2015-01-30 CVE Published
- 2024-07-26 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-19: Data Processing Errors
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1031650 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100496 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://code.google.com/p/google-security-research/issues/detail?id=80 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html | 2017-09-08 | |
| http://support.apple.com/HT204244 | 2017-09-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.10.1 Search vendor "Apple" for product "Mac Os X" and version " <= 10.10.1" | - |
Affected
| ||||||