CVE-2014-4425

Apple OS X <10.10 - Info Disclosure

Title source: llm

Description

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

References (5)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/97640

[Vendor Advisory] https://support.apple.com/kb/HT6535

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/70630

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1031063

Scores

EPSS 0.0006

EPSS Percentile 18.9%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

apple/mac_os_x < 10.9.5

Timeline

Published Oct 18, 2014

Tracked Since Feb 18, 2026