CVE-2014-1322

macOS < 10.9.2 - Unprotected Kernel Pointer Exposure via XNU Object Attribute

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-1322. PoCs published by Ian Beer, raymondpittman.

AI-analyzed exploit summary This exploit demonstrates a local security-bypass vulnerability in Apple Mac OS X by creating a shared memory segment and leaking internal kernel memory addresses via the `shm_internal` field. It leverages improper access controls in the shared memory subsystem.

Description

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Ian Beer · clocalosx
https://www.exploit-db.com/exploits/39147

This exploit demonstrates a local security-bypass vulnerability in Apple Mac OS X by creating a shared memory segment and leaking internal kernel memory addresses via the `shm_internal` field. It leverages improper access controls in the shared memory subsystem.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apple Mac OS X 10.9.2
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by raymondpittman · poc
https://github.com/raymondpittman/IPC-Memory-Mac-OSX-Exploit

This PoC exploits CVE-2014-1322 by leveraging shared memory to bypass ASLR on macOS by reading kernel pointers from an XNU object accessible from user space. It uses shmget and shmctl to retrieve and display the kernel pointer stored in the shm_internal field.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apple OS X through 10.9.2
No auth needed
Prerequisites: Local access to a vulnerable macOS system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory vendor-advisory x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

Scores

EPSS 0.0024
EPSS Percentile 47.8%

Details

CWE
CWE-200
Status published
Products (3)
apple/mac_os_x 10.9
apple/mac_os_x 10.9.1
apple/mac_os_x < 10.9.2
Published Apr 23, 2014
Tracked Since Feb 18, 2026