What is the severity of CVE-2014-1371?

CVE-2014-1371 has a high severity level due to its potential for arbitrary code execution and denial of service.

How do I fix CVE-2014-1371?

To fix CVE-2014-1371, users should update their Apple OS X to version 10.9.4 or later.

Which versions of macOS are affected by CVE-2014-1371?

CVE-2014-1371 affects Apple OS X versions prior to 10.9.4, including 10.7.x and 10.8.x.

Can CVE-2014-1371 be exploited remotely?

Yes, CVE-2014-1371 can be exploited remotely if an attacker can send a message to a vulnerable sandboxed application.

What type of attack does CVE-2014-1371 enable?

CVE-2014-1371 enables attackers to execute arbitrary code or cause a denial of service through incorrect function-pointer dereference.

Vulnerability/
CVE-2014-1371

high

7.5

CWE

119

1/7/2014

6/8/2024

CVE-2014-1371: Buffer Overflow

First published: Tue Jul 01 2014(Updated: )

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iOS and macOS	<=10.9.3
Apple iOS and macOS	=10.7.0
Apple iOS and macOS	=10.7.1
Apple iOS and macOS	=10.7.2
Apple iOS and macOS	=10.7.3
Apple iOS and macOS	=10.7.4
Apple iOS and macOS	=10.7.5
Apple iOS and macOS	=10.8.0
Apple iOS and macOS	=10.8.1
Apple iOS and macOS	=10.8.2
Apple iOS and macOS	=10.8.3
Apple iOS and macOS	=10.8.4
Apple iOS and macOS	=10.8.5
Apple iOS and macOS	=10.8.5-supplemental_update
Apple iOS and macOS	=10.9
Apple iOS and macOS	=10.9.1
Apple iOS and macOS	=10.9.2
Apple macOS Server	=10.7.0
Apple macOS Server	=10.7.1
Apple macOS Server	=10.7.2
Apple macOS Server	=10.7.3
Apple macOS Server	=10.7.4
Apple macOS Server	=10.7.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-1371?
CVE-2014-1371 has a high severity level due to its potential for arbitrary code execution and denial of service.
How do I fix CVE-2014-1371?
To fix CVE-2014-1371, users should update their Apple OS X to version 10.9.4 or later.
Which versions of macOS are affected by CVE-2014-1371?
CVE-2014-1371 affects Apple OS X versions prior to 10.9.4, including 10.7.x and 10.8.x.
Can CVE-2014-1371 be exploited remotely?
Yes, CVE-2014-1371 can be exploited remotely if an attacker can send a message to a vulnerable sandboxed application.
What type of attack does CVE-2014-1371 enable?
CVE-2014-1371 enables attackers to execute arbitrary code or cause a denial of service through incorrect function-pointer dereference.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/apple ios and macos
version/apple ios and macos/10.9.3
version/apple ios and macos/10.7.0
version/apple ios and macos/10.7.1
version/apple ios and macos/10.7.2
version/apple ios and macos/10.7.3
version/apple ios and macos/10.7.4
version/apple ios and macos/10.7.5
version/apple ios and macos/10.8.0
version/apple ios and macos/10.8.1
version/apple ios and macos/10.8.2
version/apple ios and macos/10.8.3
version/apple ios and macos/10.8.4
version/apple ios and macos/10.8.5
version/apple ios and macos/10.8.5-supplemental_update
version/apple ios and macos/10.9
version/apple ios and macos/10.9.1
version/apple ios and macos/10.9.2
canonical/apple macos server
version/apple macos server/10.7.0
version/apple macos server/10.7.1
version/apple macos server/10.7.2
version/apple macos server/10.7.3
version/apple macos server/10.7.4
version/apple macos server/10.7.5