ID CVE-2014-1300
Summary Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.
References
Vulnerable Configurations
  • Apple Safari 7.0.2
    cpe:2.3:a:apple:safari:7.0.2
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
CVSS
Base: 10.0 (as of 26-03-2014 - 14:42)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id ITUNES_12_0_1.NASL
    description The version of Apple iTunes installed on the remote Windows host is prior to 12.0.1. It is, therefore, affected by multiple vulnerabilities due to the included version of WebKit. The errors could lead to application crashes or arbitrary code execution. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78597
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78597
    title Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_12_0_1_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 12.0.1. It is, therefore, affected by multiple vulnerabilities related to the included version of WebKit. The errors could lead to application crashes or arbitrary code execution. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78598
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78598
    title Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI7_0_3.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.1.3 or 7.0.3. It is, therefore, potentially affected by the following vulnerabilities related to the included WebKit components : - Unspecified errors exist that could allow memory corruption, application crashes and possibly arbitrary code execution. (CVE-2013-2871, CVE-2013-2926, CVE-2013-2928, CVE-2013-6625, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1301, CVE-2014-1302, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1310, CVE-2014-1311, CVE-2014-1312, CVE-2014-1313, CVE-2014-1713) - An error exists related to IPC messages and 'WebProcess' that could allow an attacker to read arbitrary files. (CVE-2014-1297)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 73304
    published 2014-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73304
    title Mac OS X : Apple Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities
refmap via4
apple
  • APPLE-SA-2014-04-01-1
  • APPLE-SA-2014-04-22-2
  • APPLE-SA-2014-04-22-3
confirm https://support.apple.com/kb/HT6537
misc
Last major update 07-12-2016 - 22:04
Published 26-03-2014 - 10:55
Back to Top