CVE-2014-1322

Apple Mac OS X < 10.9.2 - Information Disclosure

Title source: rule

Description

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Ian Beer · clocalosx

https://www.exploit-db.com/exploits/39147

View Code ZIP pw:eip

nomisec WORKING POC

by raymondpittman · poc

https://github.com/raymondpittman/IPC-Memory-Mac-OSX-Exploit

View Code ZIP pw:eip

References (1)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

Scores

EPSS 0.0024

EPSS Percentile 47.4%

Details

CWE

CWE-200

Status published

Products (3)

apple/mac_os_x 10.9

apple/mac_os_x 10.9.1

apple/mac_os_x < 10.9.2

Published Apr 23, 2014

Tracked Since Feb 18, 2026