Details of VAR-201410-1061

ID

VAR-201410-1061

CVE

CVE-2014-4431

TITLE

Apple OS X of Dock Vulnerabilities displayed in windows

Trust: 0.8

sources: JVNDB: JVNDB-2014-004871

DESCRIPTION

Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. Apple Mac OS X is prone to a local security-bypass vulnerability. An attacker with physical access to a computer can exploit this issue to bypass screen lock. Successful exploits may lead to other attacks. Apple Mac OS X versions prior to 10.10 are vulnerable. The Dock is one of the graphical user interfaces used to start and switch running applications. The vulnerability stems from the program not properly managing the lock screen state. An attacker could exploit this vulnerability to browse windows

Trust: 1.98

sources: NVD: CVE-2014-4431 // JVNDB: JVNDB-2014-004871 // BID: 70633 // VULHUB: VHN-72371

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.9.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.10	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.6
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.10	Trust: 0.3

sources: BID: 70633 // JVNDB: JVNDB-2014-004871 // CNNVD: CNNVD-201410-609 // NVD: CVE-2014-4431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4431
value:	LOW
Trust: 1.0
NVD:	CVE-2014-4431
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-609
value:	LOW
Trust: 0.6
VULHUB:	VHN-72371
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2014-4431
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2014-4431
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-72371
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72371 // JVNDB: JVNDB-2014-004871 // CNNVD: CNNVD-201410-609 // NVD: CVE-2014-4431

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.1
problemtype:	CWE-287	Trust: 0.8

sources: VULHUB: VHN-72371 // JVNDB: JVNDB-2014-004871 // NVD: CVE-2014-4431

THREAT TYPE

local

Trust: 0.9

sources: BID: 70633 // CNNVD: CNNVD-201410-609

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201410-609

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004871

PATCH

title:	HT6535	url:	https://support.apple.com/kb/HT6535	Trust: 0.8
title:	HT6535	url:	http://support.apple.com/kb/HT6535?viewlocale=ja_JP	Trust: 0.8
title:	OS X Yosemite 10.10 MAS 14A389( Official version of the full firmware )	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52113	Trust: 0.6

sources: JVNDB: JVNDB-2014-004871 // CNNVD: CNNVD-201410-609

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4431	Trust: 2.8
db:	BID	id:	70633	Trust: 1.4
db:	SECTRACK	id:	1031063	Trust: 1.1
db:	JVN	id:	JVNVU97537282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004871	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-609	Trust: 0.7
db:	VULHUB	id:	VHN-72371	Trust: 0.1

sources: VULHUB: VHN-72371 // BID: 70633 // JVNDB: JVNDB-2014-004871 // CNNVD: CNNVD-201410-609 // NVD: CVE-2014-4431

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	Trust: 2.5
url:	https://support.apple.com/kb/ht6535	Trust: 2.0
url:	http://www.securityfocus.com/bid/70633	Trust: 1.1
url:	http://www.securitytracker.com/id/1031063	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/97638	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4431	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97537282/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4431	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-72371 // BID: 70633 // JVNDB: JVNDB-2014-004871 // CNNVD: CNNVD-201410-609 // NVD: CVE-2014-4431

CREDITS

Emil Sjölander of Umeå University

Trust: 0.3

sources: BID: 70633

SOURCES

db:	VULHUB	id:	VHN-72371
db:	BID	id:	70633
db:	JVNDB	id:	JVNDB-2014-004871
db:	CNNVD	id:	CNNVD-201410-609
db:	NVD	id:	CVE-2014-4431

LAST UPDATE DATE

2025-04-13T19:47:44.818000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72371	date:	2017-08-29T00:00:00
db:	BID	id:	70633	date:	2014-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004871	date:	2014-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201410-609	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-4431	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72371	date:	2014-10-18T00:00:00
db:	BID	id:	70633	date:	2014-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004871	date:	2014-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201410-609	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-4431	date:	2014-10-18T01:55:13.353