Details of VAR-201409-0513

ID

VAR-201409-0513

CVE

CVE-2014-4376

TITLE

Apple OS X of IOAcceleratorFamily of IOKit Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2014-004337

DESCRIPTION

IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple Mac OS X is prone to an arbitrary code-execution vulnerability because it fails to properly validate user-supplied input. Attackers can exploit this issue to execute arbitrary code in the context of the system privileges. Failed exploit attempts may result in a denial-of-service condition. Apple OS X is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in PHP 5.4.24 Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30 CVE-ID CVE-2013-7345 CVE-2014-0185 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049 Bluetooth Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4390 : Ian Beer of Google Project Zero CoreGraphics Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program CoreGraphics Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program Foundation Available for: OS X Mavericks 10.9 to 10.9.4 Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/) Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4393 : Apple Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-4394 : Ian Beer of Google Project Zero CVE-2014-4395 : Ian Beer of Google Project Zero CVE-2014-4396 : Ian Beer of Google Project Zero CVE-2014-4397 : Ian Beer of Google Project Zero CVE-2014-4398 : Ian Beer of Google Project Zero CVE-2014-4399 : Ian Beer of Google Project Zero CVE-2014-4400 : Ian Beer of Google Project Zero CVE-2014-4401 : Ian Beer of Google Project Zero CVE-2014-4416 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4376 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4402 : Ian Beer of Google Project Zero IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero Kernel Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses. CVE-ID CVE-2014-4403 : Ian Beer of Google Project Zero Libnotify Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za. CVE-ID CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative ruby Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6 CVE-ID CVE-2014-2525 Note: OS X Mavericks 10.9.5 includes the security content of Safari 7.0.6: http://support.apple.com/kb/HT6367 OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+ Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1 hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW 5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA 3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf k4w2RKNm0Fv+kdNoFAnd =gpVc -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2014-4376 // JVNDB: JVNDB-2014-004337 // BID: 69906 // VULHUB: VHN-72316 // PACKETSTORM: 128315

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 2.4
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.3	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9 to 10.9.4	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.9.5	Trust: 0.3

sources: BID: 69906 // JVNDB: JVNDB-2014-004337 // CNNVD: CNNVD-201409-701 // NVD: CVE-2014-4376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4376
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-4376
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201409-701
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-72316
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-4376
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-72316
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72316 // JVNDB: JVNDB-2014-004337 // CNNVD: CNNVD-201409-701 // NVD: CVE-2014-4376

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-004337 // NVD: CVE-2014-4376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-701

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201409-701

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004337

PATCH

title:	HT6443	url:	http://support.apple.com/kb/HT6443	Trust: 0.8
title:	HT6443	url:	http://support.apple.com/kb/HT6443?viewlocale=ja_JP	Trust: 0.8
title:	OSXUpd10.9.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51639	Trust: 0.6

sources: JVNDB: JVNDB-2014-004337 // CNNVD: CNNVD-201409-701

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4376	Trust: 2.9
db:	BID	id:	69906	Trust: 1.4
db:	SECTRACK	id:	1030868	Trust: 1.1
db:	JVN	id:	JVNVU93868849	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004337	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-701	Trust: 0.7
db:	VULHUB	id:	VHN-72316	Trust: 0.1
db:	PACKETSTORM	id:	128315	Trust: 0.1

sources: VULHUB: VHN-72316 // BID: 69906 // JVNDB: JVNDB-2014-004337 // PACKETSTORM: 128315 // CNNVD: CNNVD-201409-701 // NVD: CVE-2014-4376

REFERENCES

url:	http://support.apple.com/kb/ht6443	Trust: 2.0
url:	http://www.securityfocus.com/bid/69906	Trust: 1.1
url:	https://code.google.com/p/google-security-research/issues/detail?id=31	Trust: 1.1
url:	http://www.securitytracker.com/id/1030868	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/96051	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4376	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93868849/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4376	Trust: 0.8
url:	https://www.apple.com/osx/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4378	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3487	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4379	Trust: 0.1
url:	http://support.apple.com/kb/ht1222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0238	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0185	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0076	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4376	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-7345	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4377	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4350	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4381	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-2525	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0237	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3480	Trust: 0.1
url:	http://www.vsecurity.com/)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-2270	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0207	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3515	Trust: 0.1
url:	http://support.apple.com/kb/ht6367	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3479	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0221	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1391	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3478	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4049	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4374	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3470	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3981	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0195	Trust: 0.1

sources: VULHUB: VHN-72316 // BID: 69906 // JVNDB: JVNDB-2014-004337 // PACKETSTORM: 128315 // CNNVD: CNNVD-201409-701 // NVD: CVE-2014-4376

CREDITS

Ian Beer of Google Project Zero

Trust: 0.3

sources: BID: 69906

SOURCES

db:	VULHUB	id:	VHN-72316
db:	BID	id:	69906
db:	JVNDB	id:	JVNDB-2014-004337
db:	PACKETSTORM	id:	128315
db:	CNNVD	id:	CNNVD-201409-701
db:	NVD	id:	CVE-2014-4376

LAST UPDATE DATE

2025-04-13T21:41:55.514000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72316	date:	2017-08-29T00:00:00
db:	BID	id:	69906	date:	2014-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-004337	date:	2014-09-22T00:00:00
db:	CNNVD	id:	CNNVD-201409-701	date:	2014-09-22T00:00:00
db:	NVD	id:	CVE-2014-4376	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72316	date:	2014-09-19T00:00:00
db:	BID	id:	69906	date:	2014-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-004337	date:	2014-09-22T00:00:00
db:	PACKETSTORM	id:	128315	date:	2014-09-19T15:26:13
db:	CNNVD	id:	CNNVD-201409-701	date:	2014-09-22T00:00:00
db:	NVD	id:	CVE-2014-4376	date:	2014-09-19T10:55:03.497