CVE-2014-8817 in Apple Mac OS Xinformación

Resumen (Inglés)

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.

Reservar

2014-11-14

Divulgación

2015-01-30

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
68877Apple Mac OS X CoreSymbolication19No probadoArreglo oficialCVE-2014-8817

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!