Details of VAR-201501-0257

ID

VAR-201501-0257

CVE

CVE-2014-8820

TITLE

Apple OS X of Intel Graphics Driver Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2015-001297

DESCRIPTION

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821. This vulnerability CVE-2014-8819 and CVE-2014-8821 Is a different vulnerability.Authority may be obtained by local users. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2. Intel Graphics Driver is one of the graphics card drivers

Trust: 1.98

sources: NVD: CVE-2014-8820 // JVNDB: JVNDB-2015-001297 // BID: 72328 // VULHUB: VHN-76765

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.1	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.10.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.10.2	Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001297 // CNNVD: CNNVD-201501-727 // NVD: CVE-2014-8820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8820
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8820
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201501-727
value:	HIGH
Trust: 0.6
VULHUB:	VHN-76765
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8820
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76765
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76765 // JVNDB: JVNDB-2015-001297 // CNNVD: CNNVD-201501-727 // NVD: CVE-2014-8820

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-8820

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-727

TYPE

Unknown

Trust: 0.3

sources: BID: 72328

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001297

PATCH

title:	APPLE-SA-2015-01-27-4	url:	http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html	Trust: 0.8
title:	HT204244	url:	http://support.apple.com/en-us/HT204244	Trust: 0.8
title:	HT204244	url:	http://support.apple.com/ja-jp/HT204244	Trust: 0.8

sources: JVNDB: JVNDB-2015-001297

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8820	Trust: 2.8
db:	SECTRACK	id:	1031650	Trust: 1.1
db:	BID	id:	72328	Trust: 0.9
db:	JVN	id:	JVNVU96447236	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001297	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-727	Trust: 0.7
db:	VULHUB	id:	VHN-76765	Trust: 0.1

sources: VULHUB: VHN-76765 // BID: 72328 // JVNDB: JVNDB-2015-001297 // CNNVD: CNNVD-201501-727 // NVD: CVE-2014-8820

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html	Trust: 1.1
url:	http://support.apple.com/ht204244	Trust: 1.1
url:	http://www.securitytracker.com/id/1031650	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100501	Trust: 1.1
url:	http://www.apple.com/macosx/	Trust: 0.9
url:	https://support.apple.com/en-us/ht204659	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8820	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96447236/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8820	Trust: 0.8
url:	https://www.securityfocus.com/bid/72328	Trust: 0.6

sources: VULHUB: VHN-76765 // BID: 72328 // JVNDB: JVNDB-2015-001297 // CNNVD: CNNVD-201501-727 // NVD: CVE-2014-8820

CREDITS

Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC

Trust: 0.6

sources: CNNVD: CNNVD-201501-727

SOURCES

db:	VULHUB	id:	VHN-76765
db:	BID	id:	72328
db:	JVNDB	id:	JVNDB-2015-001297
db:	CNNVD	id:	CNNVD-201501-727
db:	NVD	id:	CVE-2014-8820

LAST UPDATE DATE

2025-04-13T21:46:31.509000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76765	date:	2017-09-08T00:00:00
db:	BID	id:	72328	date:	2019-04-12T18:00:00
db:	JVNDB	id:	JVNDB-2015-001297	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201501-727	date:	2019-04-15T00:00:00
db:	NVD	id:	CVE-2014-8820	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76765	date:	2015-01-30T00:00:00
db:	BID	id:	72328	date:	2015-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-001297	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201501-727	date:	2015-01-30T00:00:00
db:	NVD	id:	CVE-2014-8820	date:	2015-01-30T11:59:31.280