Sign-up

ID

VAR-201501-0271


CVE

CVE-2014-8834


TITLE

Apple OS X of UserAccountUpdater Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-001311

DESCRIPTION

UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2. UserAccountUpdater is one of the user account update components

Trust: 1.98

sources: NVD: CVE-2014-8834 // JVNDB: JVNDB-2015-001311 // BID: 72328 // VULHUB: VHN-76779

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.10.1

Trust: 2.4

vendor:applemodel:mac os xscope:eqversion:10.10.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.10

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.3

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.10.2

Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001311 // CNNVD: CNNVD-201501-739 // NVD: CVE-2014-8834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8834
value: LOW

Trust: 1.0

NVD: CVE-2014-8834
value: LOW

Trust: 0.8

CNNVD: CNNVD-201501-739
value: LOW

Trust: 0.6

VULHUB: VHN-76779
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-8834
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-76779
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76779 // JVNDB: JVNDB-2015-001311 // CNNVD: CNNVD-201501-739 // NVD: CVE-2014-8834

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-76779 // JVNDB: JVNDB-2015-001311 // NVD: CVE-2014-8834

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-739

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201501-739

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001311

PATCH
title:APPLE-SA-2015-01-27-4url:http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Trust: 0.8
title:HT204244url:http://support.apple.com/en-us/HT204244
Trust: 0.8
title:HT204244url:http://support.apple.com/ja-jp/HT204244
Trust: 0.8
title:osxupd10.10.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53587
Trust: 0.6
title:iPhone7,1_8.1.3_12B466_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53586
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-001311 // 
            
            
            
            CNNVD: CNNVD-201501-739

EXTERNAL IDS
db:NVDid:CVE-2014-8834
Trust: 2.8
db:SECTRACKid:1031650
Trust: 1.1
db:BIDid:72328
Trust: 0.9
db:JVNid:JVNVU96447236
Trust: 0.8
db:JVNDBid:JVNDB-2015-001311
Trust: 0.8
db:CNNVDid:CNNVD-201501-739
Trust: 0.7
db:VULHUBid:VHN-76779
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76779 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001311 // 
            
            
            
            CNNVD: CNNVD-201501-739 // 
            
            
            
            NVD: CVE-2014-8834

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html
Trust: 1.1
url:http://support.apple.com/ht204244
Trust: 1.1
url:http://www.securitytracker.com/id/1031650
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100531
Trust: 1.1
url:http://www.apple.com/macosx/
Trust: 0.9
url:https://support.apple.com/en-us/ht204659
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8834
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96447236/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8834
Trust: 0.8
url:https://www.securityfocus.com/bid/72328
Trust: 0.6
sources:
            
            
            VULHUB: VHN-76779 // 
            
            
            
            BID: 72328 // 
            
            
            
            JVNDB: JVNDB-2015-001311 // 
            
            
            
            CNNVD: CNNVD-201501-739 // 
            
            
            
            NVD: CVE-2014-8834

CREDITS
Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201501-739

SOURCES
db:VULHUBid:VHN-76779
db:BIDid:72328
db:JVNDBid:JVNDB-2015-001311
db:CNNVDid:CNNVD-201501-739
db:NVDid:CVE-2014-8834

LAST UPDATE DATE
2025-04-13T20:19:14.851000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76779date:2017-09-08T00:00:00
db:BIDid:72328date:2019-04-12T18:00:00
db:JVNDBid:JVNDB-2015-001311date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-739date:2019-04-15T00:00:00
db:NVDid:CVE-2014-8834date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-76779date:2015-01-30T00:00:00
db:BIDid:72328date:2015-01-27T00:00:00
db:JVNDBid:JVNDB-2015-001311date:2015-02-12T00:00:00
db:CNNVDid:CNNVD-201501-739date:2015-01-27T00:00:00
db:NVDid:CVE-2014-8834date:2015-01-30T11:59:43.860