Sign-up

ID

VAR-201501-0258


CVE

CVE-2014-8821


TITLE

Apple OS X of Intel Graphics Driver Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2015-001296

DESCRIPTION

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820. This vulnerability CVE-2014-8819 and CVE-2014-8820 Is a different vulnerability.Authority may be obtained by local users. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2. Intel Graphics Driver is one of the graphics card drivers

Trust: 1.98

sources: NVD: CVE-2014-8821 // JVNDB: JVNDB-2015-001296 // BID: 72328 // VULHUB: VHN-76766

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.10.1

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.10.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.2

Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001296 // CNNVD: CNNVD-201501-748 // NVD: CVE-2014-8821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8821
value: HIGH

Trust: 1.0

NVD: CVE-2014-8821
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201501-748
value: HIGH

Trust: 0.6

VULHUB: VHN-76766
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8821
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-76766
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76766 // JVNDB: JVNDB-2015-001296 // CNNVD: CNNVD-201501-748 // NVD: CVE-2014-8821

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-8821

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-748

TYPE

Unknown

Trust: 0.3

sources: BID: 72328

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001296

PATCH
title:APPLE-SA-2015-01-27-4url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Trust: 0.8
title:HT204244url:http://support.apple.com/en-us/HT204244
Trust: 0.8
title:HT204244url:http://support.apple.com/ja-jp/HT204244
Trust: 0.8
title:osxupd10.10.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53587
Trust: 0.6
title:iPhone7,1_8.1.3_12B466_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53586
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-001296 // 
            
            
            
            CNNVD: CNNVD-201501-748

EXTERNAL IDS
db:NVDid:CVE-2014-8821
Trust: 2.8
db:SECTRACKid:1031650
Trust: 1.1
db:BIDid:72328
Trust: 0.9
db:JVNid:JVNVU96447236
Trust: 0.8
db:JVNDBid:JVNDB-2015-001296
Trust: 0.8
db:CNNVDid:CNNVD-201501-748
Trust: 0.7
db:VULHUBid:VHN-76766
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76766 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001296 // 
            
            
            
            CNNVD: CNNVD-201501-748 // 
            
            
            
            NVD: CVE-2014-8821

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html
Trust: 1.1
url:http://support.apple.com/ht204244
Trust: 1.1
url:http://www.securitytracker.com/id/1031650
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100502
Trust: 1.1
url:http://www.apple.com/macosx/
Trust: 0.9
url:https://support.apple.com/en-us/ht204659
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8821
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96447236/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8821
Trust: 0.8
url:https://www.securityfocus.com/bid/72328
Trust: 0.6
sources:
            
            
            VULHUB: VHN-76766 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001296 // 
            
            
            
            CNNVD: CNNVD-201501-748 // 
            
            
            
            NVD: CVE-2014-8821

CREDITS
Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201501-748

SOURCES
db:VULHUBid:VHN-76766
db:BIDid:72328
db:JVNDBid:JVNDB-2015-001296
db:CNNVDid:CNNVD-201501-748
db:NVDid:CVE-2014-8821

LAST UPDATE DATE
2025-04-13T20:23:27.563000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76766date:2017-09-08T00:00:00
db:BIDid:72328date:2019-04-12T18:00:00
db:JVNDBid:JVNDB-2015-001296date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-748date:2019-04-15T00:00:00
db:NVDid:CVE-2014-8821date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-76766date:2015-01-30T00:00:00
db:BIDid:72328date:2015-01-27T00:00:00
db:JVNDBid:JVNDB-2015-001296date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-748date:2015-01-27T00:00:00
db:NVDid:CVE-2014-8821date:2015-01-30T11:59:32.140