cvelistv5 - cve-2014-1376

CVE-2014-1376 (GCVE-0-2014-1376)

Vulnerability from cvelistv5

Published

2014-07-01 10:00

Modified

2024-08-06 09:42

Severity ?

CWE

Summary

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-j288-cwf6-9mv5

Vulnerability from github

Published

2022-05-17 04:01

Modified

2022-05-17 04:01

Details

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1376"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-01T10:17:00Z",
    "severity": "HIGH"
  },
  "details": "Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.",
  "id": "GHSA-j288-cwf6-9mv5",
  "modified": "2022-05-17T04:01:48Z",
  "published": "2022-05-17T04:01:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1376"
    },
    {
      "type": "WEB",
      "url": "https://code.google.com/p/google-security-research/issues/detail?id=19"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59475"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6296"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030505"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect copyfile, Dock,Graphics Driver , iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.9.4. The vulnerability is caused by the program not properly restricting OpenGL API calls. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003

OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following:

Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005.

copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP

curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015

Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative

Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1372 : Ian Beer of Google Project Zero

iBooks Commerce Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero

Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero

IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. CVE-ID CVE-2014-1378

IOReporting Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user could cause an unexpected system restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero

launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero

launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero

launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero

Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero

Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. CVE-ID CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC

Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm

Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293

OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0098",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.8.3"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.9 to  10.9.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chaitanya (SegFault) working with iDefense VCP, an anonymous researcher working with HP\u0027s Zero Day Initiative, Ian Beer of Google Project Zero, Steve Dunham, Apple, Ben Langfeld of Mojo Lingo LLC and Catherine aka winocm.",
    "sources": [
      {
        "db": "BID",
        "id": "68272"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1376",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-1376",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-69315",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1376",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1376",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201407-056",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69315",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. \nThe  update addresses new vulnerabilities that affect copyfile,  Dock,Graphics Driver , iBooks Commerce, Intel Graphics Driver, Intel  Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and  Thunderbolt. \nAttackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. \nThese issues affect OS X prior to 10.9.4. The vulnerability is caused by the program not properly restricting OpenGL API calls. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update\n2014-003\n\nOS X Mavericks 10.9.4 and Security Update 2014-003 are now available\nand address the following:\n\nCertificate Trust Policy\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at\nhttp://support.apple.com/kb/HT6005. \n\ncopyfile\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\nImpact:  Opening a maliciously crafted zip file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An out of bounds byte swapping issue existed in the\nhandling of AppleDouble files in zip archives. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP\n\ncurl\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A remote attacker may be able to gain access to another\nuser\u0027s session\nDescription:  cURL re-used NTLM connections when more than one\nauthentication method was enabled, which allowed an attacker to gain\naccess to another user\u0027s session. \nCVE-ID\nCVE-2014-0015\n\nDock\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\nImpact:  A sandboxed application may be able to circumvent sandbox\nrestrictions\nDescription:  An unvalidated array index issue existed in the\nDock\u0027s handling of messages from applications. A maliciously\ncrafted message could cause an invalid function pointer to be\ndereferenced, which could lead to an unexpected application\ntermination or arbitrary code execution. \nCVE-ID\nCVE-2014-1371 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nGraphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A local user can read kernel memory, which can be used to\nbypass kernel address space layout randomization\nDescription:  An out-of-bounds read issue existed in the handling of\na system call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1372 : Ian Beer of Google Project Zero\n\niBooks Commerce\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  An attacker with access to a system may be able to recover\nApple ID credentials\nDescription:  An issue existed in the handling of iBooks logs. The\niBooks process could log Apple ID credentials in the iBooks log where\nother users of the system could read it. This issue was addressed by\ndisallowing logging of credentials. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1373 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A local user can read a kernel pointer, which can be used to\nbypass kernel address space layout randomization\nDescription:  A kernel pointer stored in an IOKit object could be\nretrieved from userland. This issue was addressed by removing the\npointer from the object. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An array indexing issue existed in IOAcceleratorFamily. \nThis issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1377 : Ian Beer of Google Project Zero\n\nIOGraphicsFamily\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A local user can read a kernel pointer, which can be used to\nbypass kernel address space layout randomization\nDescription:  A kernel pointer stored in an IOKit object could be\nretrieved from userland. This issue was addressed by using a unique\nID instead of a pointer. \nCVE-ID\nCVE-2014-1378\n\nIOReporting\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A local user could cause an unexpected system restart\nDescription:  A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through additional\nvalidation of IOKit API arguments. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1359 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in launchd\u0027s handling of\nIPC messages. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1356 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A heap buffer overflow existed in launchd\u0027s handling of\nlog messages. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1357 : Ian Beer of Google Project Zero\n\nlaunchd\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An integer overflow existed in launchd. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1358 : Ian Beer of Google Project Zero\n\nGraphics Drivers\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple null dereference issues existed in kernel\ngraphics drivers. A maliciously crafted 32-bit executable may have\nbeen able to obtain elevated privileges. \nCVE-ID\nCVE-2014-1379 : Ian Beer of Google Project Zero\n\nSecurity - Keychain\nAvailable for:  OS X Mavericks 10.9 to 10.9.3\nImpact:  An attacker may be able to type into windows under the\nscreen lock\nDescription:  Under rare circumstances, the screen lock did not\nintercept keystrokes. This could have allowed an attacker to type\ninto windows under the screen lock. This issue was addressed through\nimproved keystroke observer management. \nCVE-ID\nCVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC\n\nSecurity - Secure Transport\nAvailable for:  OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.3\nImpact:  Two bytes of memory could be disclosed to a remote attacker\nDescription:  An uninitialized memory access issue existing in the\nhandling of DTLS messages in a TLS connection. This issue was\naddressed by only accepting DTLS messages in a DTLS connection. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-1381 : Catherine aka winocm\n\nNote: OS X Mavericks 10.9.4 includes the security content of\nSafari 7.0.5: http://support.apple.com/kb/HT6293\n\nOS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN\n6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX\na569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM\nKx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb\nnak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr\nQ/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR\nuqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo\nT/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR\n1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4\nFiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka\nePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr\n+/tiYIHJ5pUCKf+C8xJC\n=HkFr\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "db": "BID",
        "id": "68272"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1376",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "59475",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1030505",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU99696049",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "68272",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-69315",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127306",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "db": "BID",
        "id": "68272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "id": "VAR-201407-0098",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69315"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:05:54.174000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT6296",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6296"
      },
      {
        "title": "HT6296",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6296?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht6296"
      },
      {
        "trust": 1.1,
        "url": "https://code.google.com/p/google-security-research/issues/detail?id=19"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1030505"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/59475"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1376"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99696049/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1376"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht6293"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht6005."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1377"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1357"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1372"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1356"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1380"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1375"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1379"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1355"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1371"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1359"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1317"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1378"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1381"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1373"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1376"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "db": "BID",
        "id": "68272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "db": "BID",
        "id": "68272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "date": "2014-06-30T00:00:00",
        "db": "BID",
        "id": "68272"
      },
      {
        "date": "2014-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "date": "2014-07-01T01:03:32",
        "db": "PACKETSTORM",
        "id": "127306"
      },
      {
        "date": "2014-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      },
      {
        "date": "2014-07-01T10:17:27.347000",
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69315"
      },
      {
        "date": "2014-07-21T00:30:00",
        "db": "BID",
        "id": "68272"
      },
      {
        "date": "2014-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      },
      {
        "date": "2014-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      },
      {
        "date": "2024-11-21T02:04:10.770000",
        "db": "NVD",
        "id": "CVE-2014-1376"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X of  Intel Compute Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003071"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-056"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2014-AVI-293

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple OS X Mavericks v10.9.4 et versions antérieures
Apple	Safari	Apple Safari 7.0.5 et versions antérieures
Apple	N/A	Apple TV 6.1.2 et versions antérieures
Apple	N/A	Apple OS X Mountain Lion v10.8.5 et versions antérieures
Apple	N/A	Apple OS X Lion v10.7.5 et versions antérieures
Apple	Safari	Apple Safari 6.1.5 et versions antérieures
Apple	N/A	Apple iOS 7.1.2 et versions antérieures
Apple	N/A	Apple OS X Lion Server v10.7.5 et versions antérieures

References

Title

Publication Time

gsd-2014-1376

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.

Aliases

CVE-2014-1376

Aliases

CVE-2014-1376

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1376",
    "description": "Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.",
    "id": "GSD-2014-1376"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1376"
      ],
      "details": "Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.",
      "id": "GSD-2014-1376",
      "modified": "2023-12-13T01:22:51.431575Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-1376",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT6296",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT6296"
          },
          {
            "name": "1030505",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030505"
          },
          {
            "name": "APPLE-SA-2014-06-30-2",
            "refsource": "APPLE",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
          },
          {
            "name": "https://code.google.com/p/google-security-research/issues/detail?id=19",
            "refsource": "MISC",
            "url": "https://code.google.com/p/google-security-research/issues/detail?id=19"
          },
          {
            "name": "59475",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59475"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.9.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1376"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2014-06-30-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6296",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT6296"
            },
            {
              "name": "59475",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59475"
            },
            {
              "name": "1030505",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030505"
            },
            {
              "name": "https://code.google.com/p/google-security-research/issues/detail?id=19",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://code.google.com/p/google-security-research/issues/detail?id=19"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-11-20T16:11Z",
      "publishedDate": "2014-07-01T10:17Z"
    }
  }
}

fkie_cve-2014-1376

Vulnerability from fkie_nvd

Published

2014-07-01 10:17

Modified

2025-04-12 10:46

Severity ?

Summary

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.

References

URL	Tags
product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
product-security@apple.com	http://secunia.com/advisories/59475
product-security@apple.com	http://support.apple.com/kb/HT6296
product-security@apple.com	http://www.securitytracker.com/id/1030505
product-security@apple.com	https://code.google.com/p/google-security-research/issues/detail?id=19	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59475
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6296
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030505
af854a3a-2127-422b-91ae-364da2661108	https://code.google.com/p/google-security-research/issues/detail?id=19	Exploit

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.8.0
apple	mac_os_x	10.8.1
apple	mac_os_x	10.8.2
apple	mac_os_x	10.8.3
apple	mac_os_x	10.8.4
apple	mac_os_x	10.8.5
apple	mac_os_x	10.8.5
apple	mac_os_x	10.9
apple	mac_os_x	10.9.1
apple	mac_os_x	10.9.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB864BA-7FED-47E3-9391-B89598594AF8",
              "versionEndIncluding": "10.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55841123-F78F-42E0-8D40-C688C4B4D29C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "252640D3-5CB8-4C3D-9E8B-ED452293C805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*",
              "matchCriteriaId": "2F1DAD30-BA77-40C2-9245-05DF871FDDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A5310-A589-4E9B-99BC-F840CC1A6A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F241EBFB-CCB3-4D16-B476-AC1578D3C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEAD650-87D1-49BB-A8C7-BA39FD47285C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application."
    },
    {
      "lang": "es",
      "value": "Intel Compute en Apple OS X anterior a 10.9.4 no restringe debidamente una llamada OpenCL API no especificada, lo que permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2014-1376",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-01T10:17:27.347",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/59475"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT6296"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1030505"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://code.google.com/p/google-security-research/issues/detail?id=19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT6296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://code.google.com/p/google-security-research/issues/detail?id=19"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-1376 (GCVE-0-2014-1376)

Vulnerability from cvelistv5

ghsa-j288-cwf6-9mv5

Vulnerability from github

var-201407-0098

Vulnerability from variot

CERTFR-2014-AVI-293

Vulnerability from certfr_avis

Solution

gsd-2014-1376

Vulnerability from gsd

fkie_cve-2014-1376

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature