Vulnerability Details : CVE-2014-8836
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.
Vulnerability category: Input validation, Execute code, Denial of service
Products affected by CVE-2014-8836
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8836
- 3.20%: Probability of exploitation activity in the next 30 days
- ~91%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8836
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2014-8836
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100490
  Apple Mac OS X Bluetooth driver privilege escalation CVE-2014-8836 Vulnerability Report
- http://code.google.com/p/google-security-research/issues/detail?id=136
  136 - OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice - project-zero - Monorail (Exploit)
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
  Apple - Lists.apple.com (Vendor Advisory)
- http://www.securitytracker.com/id/1031626
  Apple OS X Memory Corruption Flaw in IOKit IOBluetoothDevice Lets Local Users Gain Elevated Privileges - SecurityTracker
- http://support.apple.com/HT204244
  About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001 - Apple Support (Vendor Advisory)