Sign-up

ID

VAR-201501-0259


CVE

CVE-2014-8822


TITLE

Apple OS X of IOHIDFamily Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-001295

DESCRIPTION

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2

Trust: 1.98

sources: NVD: CVE-2014-8822 // JVNDB: JVNDB-2015-001295 // BID: 72328 // VULHUB: VHN-76767

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.10.1

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.10.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.8.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.2

Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001295 // CNNVD: CNNVD-201501-731 // NVD: CVE-2014-8822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8822
value: HIGH

Trust: 1.0

NVD: CVE-2014-8822
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201501-731
value: CRITICAL

Trust: 0.6

VULHUB: VHN-76767
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8822
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-76767
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76767 // JVNDB: JVNDB-2015-001295 // CNNVD: CNNVD-201501-731 // NVD: CVE-2014-8822

PROBLEMTYPE DATA

problemtype:CWE-19

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-76767 // JVNDB: JVNDB-2015-001295 // NVD: CVE-2014-8822

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-731

TYPE

Unknown

Trust: 0.3

sources: BID: 72328

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001295

PATCH
title:APPLE-SA-2015-01-27-4url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Trust: 0.8
title:HT204244url:http://support.apple.com/en-us/HT204244
Trust: 0.8
title:HT204244url:http://support.apple.com/ja-jp/HT204244
Trust: 0.8
title:osxupd10.10.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53587
Trust: 0.6
title:iPhone7,1_8.1.3_12B466_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53586
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-001295 // 
            
            
            
            CNNVD: CNNVD-201501-731

EXTERNAL IDS
db:NVDid:CVE-2014-8822
Trust: 2.8
db:SECTRACKid:1031650
Trust: 1.1
db:BIDid:72328
Trust: 0.9
db:JVNid:JVNVU96447236
Trust: 0.8
db:JVNDBid:JVNDB-2015-001295
Trust: 0.8
db:CNNVDid:CNNVD-201501-731
Trust: 0.7
db:VULHUBid:VHN-76767
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76767 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001295 // 
            
            
            
            CNNVD: CNNVD-201501-731 // 
            
            
            
            NVD: CVE-2014-8822

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html
Trust: 1.1
url:http://support.apple.com/ht204244
Trust: 1.1
url:http://www.securitytracker.com/id/1031650
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100513
Trust: 1.1
url:http://www.apple.com/macosx/
Trust: 0.9
url:https://support.apple.com/en-us/ht204659
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8822
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96447236/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8822
Trust: 0.8
url:https://www.securityfocus.com/bid/72328
Trust: 0.6
sources:
            
            
            VULHUB: VHN-76767 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001295 // 
            
            
            
            CNNVD: CNNVD-201501-731 // 
            
            
            
            NVD: CVE-2014-8822

CREDITS
Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201501-731

SOURCES
db:VULHUBid:VHN-76767
db:BIDid:72328
db:JVNDBid:JVNDB-2015-001295
db:CNNVDid:CNNVD-201501-731
db:NVDid:CVE-2014-8822

LAST UPDATE DATE
2025-04-13T22:36:52.627000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76767date:2017-09-08T00:00:00
db:BIDid:72328date:2019-04-12T18:00:00
db:JVNDBid:JVNDB-2015-001295date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-731date:2019-04-15T00:00:00
db:NVDid:CVE-2014-8822date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-76767date:2015-01-30T00:00:00
db:BIDid:72328date:2015-01-27T00:00:00
db:JVNDBid:JVNDB-2015-001295date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-731date:2015-01-30T00:00:00
db:NVDid:CVE-2014-8822date:2015-01-30T11:59:32.937