ID

VAR-201402-0404


CVE

CVE-2014-1265


TITLE

Apple Mac OS X vulnerability that allows bypassing access restrictions in the systemsetup program of the Date and Time subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2014-001491

DESCRIPTION

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. Apple Mac OS X is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X versions prior to 10.9.2.

Trust: 1.98

sources: NVD: CVE-2014-1265 // JVNDB: JVNDB-2014-001491 // BID: 65777 // VULHUB: VHN-69204

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.7.5

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.8.4

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.8.5

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.7.5

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.8.1

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.8.0

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.9

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.8.2

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: 10.8.3

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.7.4

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.7.1

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.7.3

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.7.0

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.7.4

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.7.1

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.7.0

Trust: 1.0

vendor: apple // model: mac os x // scope: lte // version: 10.9.1

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.7.2

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.7.3

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.7.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: v10.7.5

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: v10.8.5

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: v10.9

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: v10.9.1

Trust: 0.8

vendor: apple // model: mac os x server // scope: eq // version: v10.7.5

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.9.1

Trust: 0.6

vendor: slackware // model: linux // scope: eq // version: 13.37

Trust: 0.3

vendor: slackware // model: linux // scope: eq // version: 13.1

Trust: 0.3

vendor: slackware // model: linux // scope: eq // version: 13.0

Trust: 0.3

sources: BID: 65777 // JVNDB: JVNDB-2014-001491 // CNNVD: CNNVD-201402-456 // NVD: CVE-2014-1265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1265
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1265
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-456
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69204
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1265
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69204
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69204 // JVNDB: JVNDB-2014-001491 // CNNVD: CNNVD-201402-456 // NVD: CVE-2014-1265

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-69204 // JVNDB: JVNDB-2014-001491 // NVD: CVE-2014-1265

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201402-456

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201402-456

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001491

PATCH

title: APPLE-SA-2014-02-25-1 // url: http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Trust: 0.8

title: HT6150 // url: http://support.apple.com/kb/HT6150

Trust: 0.8

title: HT6150 // url: http://support.apple.com/kb/HT6150?viewlocale=ja_JP

Trust: 0.8

title: OSXUpd10.9.2 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48288

Trust: 0.6

sources: JVNDB: JVNDB-2014-001491 // CNNVD: CNNVD-201402-456

EXTERNAL IDS

db: NVD // id: CVE-2014-1265

Trust: 2.8

db: JVN // id: JVNVU95868425

Trust: 0.8

db: JVNDB // id: JVNDB-2014-001491

Trust: 0.8

db: CNNVD // id: CNNVD-201402-456

Trust: 0.7

db: BID // id: 65777

Trust: 0.3

db: VULHUB // id: VHN-69204

Trust: 0.1

sources: VULHUB: VHN-69204 // BID: 65777 // JVNDB: JVNDB-2014-001491 // CNNVD: CNNVD-201402-456 // NVD: CVE-2014-1265

REFERENCES

url:http://support.apple.com/kb/ht6150

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1265

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95868425/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1265

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-69204 // BID: 65777 // JVNDB: JVNDB-2014-001491 // CNNVD: CNNVD-201402-456 // NVD: CVE-2014-1265

CREDITS

Roland Moriz of Moriz GmbH, Felix Groebert of the Google Security Team, Meder Kydyraliev of the Google Security Team, Rob Ansaldo of Amherst College, Graham Bennett Karl Smith of NCC Group, Apple, Lucas Apa and Carlos Mario Penagos of IOActive Labs, Tom Ga

Trust: 0.3

sources: BID: 65777

SOURCES

db: VULHUB // id: VHN-69204
db: BID // id: 65777
db: JVNDB // id: JVNDB-2014-001491
db: CNNVD // id: CNNVD-201402-456
db: NVD // id: CVE-2014-1265

LAST UPDATE DATE

2025-04-13T22:22:50.609000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-69204 // date: 2014-02-27T00:00:00
db: BID // id: 65777 // date: 2014-04-17T00:49:00
db: JVNDB // id: JVNDB-2014-001491 // date: 2014-02-28T00:00:00
db: CNNVD // id: CNNVD-201402-456 // date: 2014-06-17T00:00:00
db: NVD // id: CVE-2014-1265 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-69204 // date: 2014-02-27T00:00:00
db: BID // id: 65777 // date: 2014-02-25T00:00:00
db: JVNDB // id: JVNDB-2014-001491 // date: 2014-02-28T00:00:00
db: CNNVD // id: CNNVD-201402-456 // date: 2014-02-28T00:00:00
db: NVD // id: CVE-2014-1265 // date: 2014-02-27T01:55:04.133