Vulnerability Details : CVE-2014-4402
An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
Vulnerability category: OverflowExecute code
Products affected by CVE-2014-4402
- cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.9.4:*:*:*:*:*:*:*
Threat overview for CVE-2014-4402
Top countries where our scanners detected CVE-2014-4402
Top open port discovered on systems with this issue
548
IPs affected by CVE-2014-4402 716
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-4402!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-4402
0.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4402
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2014-4402
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4402
-
http://support.apple.com/kb/HT6443
About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple SupportVendor Advisory
-
http://www.securityfocus.com/bid/69925
Apple Mac OS X CVE-2014-4402 Arbitrary Code Execution Vulnerability
-
http://www.securitytracker.com/id/1030868
Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges and Obtain Potentially Sensitive Information - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96063
Apple Mac OS X IOAcceleratorFamily function code execution CVE-2014-4402 Vulnerability Report
-
https://code.google.com/p/google-security-research/issues/detail?id=33
33 - OS X IOKit kernel code execution due to lack of bounds checking in IOAccelDisplayPipeTransaction2::set_plane_gamma_table - project-zero - Monorail
Jump to