ID

VAR-201402-0401


CVE

CVE-2014-1262


TITLE

Vulnerabilities in Apple Type Services in Apple Mac OS X that bypass the App Sandbox protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2014-001488

DESCRIPTION

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. Apple Mac OS X is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X versions prior to 10.9.2. Attackers can exploit this vulnerability to bypass the App Sandbox.

Trust: 1.98

sources: NVD: CVE-2014-1262 // JVNDB: JVNDB-2014-001488 // BID: 65777 // VULHUB: VHN-69201

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.9

Trust: 1.6

vendor: apple, model: mac os x, scope: lte, version: 10.9.1

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: v10.9

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.9.1

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.9.1

Trust: 0.6

vendor: slackware, model: linux, scope: eq, version: 13.37

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.1

Trust: 0.3

vendor: slackware, model: linux, scope: eq, version: 13.0

Trust: 0.3

sources: BID: 65777 // JVNDB: JVNDB-2014-001488 // CNNVD: CNNVD-201402-453 // NVD: CVE-2014-1262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1262
value: HIGH

Trust: 1.0

NVD: CVE-2014-1262
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201402-453
value: HIGH

Trust: 0.6

VULHUB: VHN-69201
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-1262
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69201
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69201 // JVNDB: JVNDB-2014-001488 // CNNVD: CNNVD-201402-453 // NVD: CVE-2014-1262

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-69201 // JVNDB: JVNDB-2014-001488 // NVD: CVE-2014-1262

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-453

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201402-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001488

PATCH

title: APPLE-SA-2014-02-25-1, url: http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Trust: 0.8

title: HT6150, url: http://support.apple.com/kb/HT6150

Trust: 0.8

title: HT6150, url: http://support.apple.com/kb/HT6150?viewlocale=ja_JP

Trust: 0.8

title: OSXUpd10.9.2, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48288

Trust: 0.6

sources: JVNDB: JVNDB-2014-001488 // CNNVD: CNNVD-201402-453

EXTERNAL IDS

db: NVD, id: CVE-2014-1262

Trust: 2.8

db: JVN, id: JVNVU95868425

Trust: 0.8

db: JVNDB, id: JVNDB-2014-001488

Trust: 0.8

db: CNNVD, id: CNNVD-201402-453

Trust: 0.7

db: BID, id: 65777

Trust: 0.3

db: VULHUB, id: VHN-69201

Trust: 0.1

sources: VULHUB: VHN-69201 // BID: 65777 // JVNDB: JVNDB-2014-001488 // CNNVD: CNNVD-201402-453 // NVD: CVE-2014-1262

REFERENCES

url:http://support.apple.com/kb/ht6150

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1262

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95868425/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1262

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-69201 // BID: 65777 // JVNDB: JVNDB-2014-001488 // CNNVD: CNNVD-201402-453 // NVD: CVE-2014-1262

CREDITS

Roland Moriz of Moriz GmbH, Felix Groebert of the Google Security Team, Meder Kydyraliev of the Google Security Team, Rob Ansaldo of Amherst College, Graham Bennett Karl Smith of NCC Group, Apple, Lucas Apa and Carlos Mario Penagos of IOActive Labs, Tom Ga

Trust: 0.3

sources: BID: 65777

SOURCES

db: VULHUB, id: VHN-69201
db: BID, id: 65777
db: JVNDB, id: JVNDB-2014-001488
db: CNNVD, id: CNNVD-201402-453
db: NVD, id: CVE-2014-1262

LAST UPDATE DATE

2025-04-13T22:02:09.857000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-69201, date: 2014-02-27T00:00:00
db: BID, id: 65777, date: 2014-04-17T00:49:00
db: JVNDB, id: JVNDB-2014-001488, date: 2014-02-28T00:00:00
db: CNNVD, id: CNNVD-201402-453, date: 2014-06-17T00:00:00
db: NVD, id: CVE-2014-1262, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-69201, date: 2014-02-27T00:00:00
db: BID, id: 65777, date: 2014-02-25T00:00:00
db: JVNDB, id: JVNDB-2014-001488, date: 2014-02-28T00:00:00
db: CNNVD, id: CNNVD-201402-453, date: 2014-02-28T00:00:00
db: NVD, id: CVE-2014-1262, date: 2014-02-27T01:55:04.023