Sign-up

ID

VAR-201501-0256


CVE

CVE-2014-8819


TITLE

Apple OS X of Intel Graphics Driver Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2015-001298

DESCRIPTION

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. This vulnerability CVE-2014-8820 and CVE-2014-8821 Is a different vulnerability.Authority may be obtained by local users. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2. Intel Graphics Driver is one of the graphics card drivers

Trust: 1.98

sources: NVD: CVE-2014-8819 // JVNDB: JVNDB-2015-001298 // BID: 72328 // VULHUB: VHN-76764

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.10.1

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.10.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.2

Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001298 // CNNVD: CNNVD-201501-741 // NVD: CVE-2014-8819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8819
value: HIGH

Trust: 1.0

NVD: CVE-2014-8819
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201501-741
value: HIGH

Trust: 0.6

VULHUB: VHN-76764
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8819
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-76764
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76764 // JVNDB: JVNDB-2015-001298 // CNNVD: CNNVD-201501-741 // NVD: CVE-2014-8819

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-8819

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-741

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201501-741

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001298

PATCH
title:APPLE-SA-2015-01-27-4url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Trust: 0.8
title:HT204244url:http://support.apple.com/en-us/HT204244
Trust: 0.8
title:HT204244url:http://support.apple.com/ja-jp/HT204244
Trust: 0.8
title:osxupd10.10.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53587
Trust: 0.6
title:iPhone7,1_8.1.3_12B466_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53586
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-001298 // 
            
            
            
            CNNVD: CNNVD-201501-741

EXTERNAL IDS
db:NVDid:CVE-2014-8819
Trust: 2.8
db:SECTRACKid:1031650
Trust: 1.1
db:BIDid:72328
Trust: 0.9
db:JVNid:JVNVU96447236
Trust: 0.8
db:JVNDBid:JVNDB-2015-001298
Trust: 0.8
db:CNNVDid:CNNVD-201501-741
Trust: 0.7
db:VULHUBid:VHN-76764
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76764 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001298 // 
            
            
            
            CNNVD: CNNVD-201501-741 // 
            
            
            
            NVD: CVE-2014-8819

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html
Trust: 1.1
url:http://support.apple.com/ht204244
Trust: 1.1
url:http://www.securitytracker.com/id/1031650
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100500
Trust: 1.1
url:http://www.apple.com/macosx/
Trust: 0.9
url:https://support.apple.com/en-us/ht204659
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8819
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96447236/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8819
Trust: 0.8
url:https://www.securityfocus.com/bid/72328
Trust: 0.6
sources:
            
            
            VULHUB: VHN-76764 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001298 // 
            
            
            
            CNNVD: CNNVD-201501-741 // 
            
            
            
            NVD: CVE-2014-8819

CREDITS
Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201501-741

SOURCES
db:VULHUBid:VHN-76764
db:BIDid:72328
db:JVNDBid:JVNDB-2015-001298
db:CNNVDid:CNNVD-201501-741
db:NVDid:CVE-2014-8819

LAST UPDATE DATE
2025-04-13T19:38:19.878000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76764date:2017-09-08T00:00:00
db:BIDid:72328date:2019-04-12T18:00:00
db:JVNDBid:JVNDB-2015-001298date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-741date:2019-04-15T00:00:00
db:NVDid:CVE-2014-8819date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-76764date:2015-01-30T00:00:00
db:BIDid:72328date:2015-01-27T00:00:00
db:JVNDBid:JVNDB-2015-001298date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-741date:2015-01-27T00:00:00
db:NVDid:CVE-2014-8819date:2015-01-30T11:59:30.453