CVE-2014-1322: Infoleak
First published: Wed Apr 23 2014(Updated: )
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | <=10.9.2 | |
| Apple iOS and macOS | =10.9 | |
| Apple iOS and macOS | =10.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-1322?
The severity of CVE-2014-1322 is considered high due to its potential to allow local users to bypass ASLR protections.
How do I fix CVE-2014-1322?
To fix CVE-2014-1322, update your macOS to a version later than 10.9.2.
What systems are affected by CVE-2014-1322?
CVE-2014-1322 affects Apple OS X versions up to and including 10.9.2.
Can exploitation of CVE-2014-1322 lead to further attacks?
Yes, exploitation of CVE-2014-1322 can facilitate further attacks by bypassing ASLR protection.
Who can exploit CVE-2014-1322?
CVE-2014-1322 can be exploited by local users with access to the affected system.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.9.2
- version/apple ios and macos/10.9
- version/apple ios and macos/10.9.1