CVE-2014-1320
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
23/04/2014
Last modified:
12/04/2025
Description
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
Impact
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.9.2 (including) | |
| cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 7.1 (including) | |
| cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* | 6.1 (including) | |
| cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html