ID
VAR-201411-0270
CVE
CVE-2014-4458
TITLE
Apple OS X Vulnerability in obtaining important information in System Profiler component
Trust: 0.8
DESCRIPTION
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. Apple Mac OS X is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. System Profiler About This Mac is one of the components used to view the native (Mac) system overview. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 OS X 10.10.1 is now available and addresses the following: CFNetwork Available for: OS X Yosemite v10.10 Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior. CVE-ID CVE-2014-4460 Spotlight Available for: OS X Yosemite v10.10 Impact: Unnecessary information is included as part of the initial connection between Spotlight or Safari and the Spotlight Suggestions servers Description: The initial connection made by Spotlight or Safari to the Spotlight Suggestions servers included a user's approximate location before a user entered a query. This issue was addressed by removing this information from the initial connection and only sending the user's approximate location as part of queries. This issue was addressed by removing cookies from the connection. CVE-ID CVE-2014-4458 : Landon Fuller of Plausible Labs WebKit Available for: OS X Yosemite v10.10 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of page objects. This issue was addressed through improved memory management. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUadzaAAoJEBcWfLTuOo7t+NEQAJ9Ol8jEbJjK9gX2vepXSgB/ l4xfQIoD0dC5vGKquE+HJS0zH7sdmd9mK+Th439fy4z2PtjulQIKXDdP60CFsZcQ oj7XU1TmWvZjCqWsr90fA61mIWsX9WjfbwKaN55ioLF2NOXBA1+AevqsosN/kj9m OcfGnIhaAOmFtlveKywSwwep0TGMXMHmi7NjScdlJRdu1GQAlpkq0iqkMjzueoPI zgZuC3xopuqMtaf686cAcgVo0FM8gX3Gj55MhDDy2bkl4/dj1+N5KBnaZGGQEaww 9FNtK0OUBzG9qpBRDMbuAihGn4FzhZa3/DIAjfr6t2h1xV5SSjH93wGbCl7Yp8jE +Gi82WRf3DJ60ztGRvQZkiBpkC0pMretdBHXRAiSTWwiRuRYghENmY9vDWHthj3z 8HZWHxbcGLsDQQKUFzO4+v60LKs/LQ92nTNhuQyMeh4Jse3Qg8lUknthSEsw1UXd GqOKlvKOEQP5JXir6VzjgppYThBAVKnCbzVXcxLUGgVxmk9L/HDhbnxS3rd2U4M0 vAxgBt8/8sjDEdO7IM6AtmBlSGQrxQ4trkG3vmw75RVgwWvFQ1J7b588qtFiVu/N KRTp3qMKRkZiakkinyZEv6zj6AKKa1CohlorI7tiD0rlOYbw1+n2gHi+1ahreO6f VT75kTNto2qPitQC9I+6 =9Emx -----END PGP SIGNATURE-----
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.9.2 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.3 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.4 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.2 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.4 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.0 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.1 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.3 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.2 | Trust: 1.6 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.9.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.9 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.8.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.9.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.7.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.9 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.8.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.10 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.7.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.8.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.8.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.7.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.9 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.11 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.7.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.9.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.8.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.8.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.9.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.7.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.0.1 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.4.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.6.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.5 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.7 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.1.3 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.2.4 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | lte | version: | 10.10.0 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.7.2 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.5.6 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.3.8 | Trust: 1.0 |
| vendor: | apple | model: | mac os x | scope: | eq | version: | 10.10 | Trust: 0.8 |
| vendor: | cosmicperl | model: | directory pro | scope: | eq | version: | 10.0.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.6.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.6.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.6.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.6.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.8 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.7 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.6 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.11 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.10 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.9 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.8 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.7 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.6 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.9 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.8 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.7 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.6 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.8 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.7 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.6 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.1.5 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.1.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.1.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.1.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.1.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.0.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.0.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.0.1 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.0 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.7.4 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.7.3 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.7.2 | Trust: 0.3 |
| vendor: | apple | model: | mac os | scope: | eq | version: | x10.7.1 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | APPLE-SA-2014-11-17-2 | url: | http://lists.apple.com/archives/security-announce/2014/Nov/msg00001.html | Trust: 0.8 |
| title: | HT6591 | url: | https://support.apple.com/en-eu/HT6591 | Trust: 0.8 |
| title: | HT6591 | url: | https://support.apple.com/ja-jp/HT6591 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-4458 | Trust: 2.9 |
| db: | BID | id: | 71139 | Trust: 1.4 |
| db: | SECUNIA | id: | 62503 | Trust: 1.1 |
| db: | SECTRACK | id: | 1031230 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2014-005513 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201411-311 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-72398 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 129159 | Trust: 0.1 |
REFERENCES
| url: | http://lists.apple.com/archives/security-announce/2014/nov/msg00001.html | Trust: 1.7 |
| url: | http://www.securityfocus.com/bid/71139 | Trust: 1.1 |
| url: | https://support.apple.com/en-us/ht204419 | Trust: 1.1 |
| url: | https://support.apple.com/en-us/ht6591 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1031230 | Trust: 1.1 |
| url: | http://secunia.com/advisories/62503 | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/98785 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4458 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4458 | Trust: 0.8 |
| url: | http://www.apple.com/macosx/ | Trust: 0.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2014-4459 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2014-4460 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2014-4453 | Trust: 0.1 |
| url: | https://www.apple.com/support/security/pgp/ | Trust: 0.1 |
| url: | http://support.apple.com/kb/ht1222 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2014-4458 | Trust: 0.1 |
| url: | http://gpgtools.org | Trust: 0.1 |
CREDITS
Landon Fuller of Plausible Labs.
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-72398 |
| db: | BID | id: | 71139 |
| db: | JVNDB | id: | JVNDB-2014-005513 |
| db: | PACKETSTORM | id: | 129159 |
| db: | CNNVD | id: | CNNVD-201411-311 |
| db: | NVD | id: | CVE-2014-4458 |
LAST UPDATE DATE
2025-04-13T21:21:37.664000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-72398 | date: | 2017-08-29T00:00:00 |
| db: | BID | id: | 71139 | date: | 2014-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005513 | date: | 2014-11-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201411-311 | date: | 2014-11-19T00:00:00 |
| db: | NVD | id: | CVE-2014-4458 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-72398 | date: | 2014-11-18T00:00:00 |
| db: | BID | id: | 71139 | date: | 2014-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-005513 | date: | 2014-11-19T00:00:00 |
| db: | PACKETSTORM | id: | 129159 | date: | 2014-11-19T01:03:08 |
| db: | CNNVD | id: | CNNVD-201411-311 | date: | 2014-11-19T00:00:00 |
| db: | NVD | id: | CVE-2014-4458 | date: | 2014-11-18T11:59:05.733 |