CVE-2014-1320

Apple iOS < 7.1.1, OS X <= 10.9.2, and tvOS < 6.1.1 - ASLR Bypass via IOKit Kernel Pointer Exposure

Title source: llm
STIX 2.1

Description

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html

Scores

EPSS 0.0037
EPSS Percentile 28.9%

Details

CWE
CWE-200
Status published
Products (15)
apple/iphone_os 7.0
apple/iphone_os 7.0.1
apple/iphone_os 7.0.2
apple/iphone_os 7.0.3
apple/iphone_os 7.0.4
apple/iphone_os 7.0.5
apple/iphone_os 7.0.6
apple/iphone_os < 7.1
apple/mac_os_x 10.9
apple/mac_os_x 10.9.1
... and 5 more
Published Apr 23, 2014
Tracked Since Feb 18, 2026