Details of VAR-201501-0272

ID

VAR-201501-0272

CVE

CVE-2014-8835

TITLE

Apple OS X of libxpc of xpc_data_get_bytes Vulnerability in arbitrary code execution in function

Trust: 0.8

sources: JVNDB: JVNDB-2015-001312

DESCRIPTION

The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy the attacker, sysmond By providing a crafted dictionary, arbitrary code could be executed. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.10.2

Trust: 2.25

sources: NVD: CVE-2014-8835 // JVNDB: JVNDB-2015-001312 // BID: 71992 // BID: 72328 // VULHUB: VHN-76780

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.1	Trust: 2.4
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.10.2	Trust: 0.3

sources: BID: 72328 // JVNDB: JVNDB-2015-001312 // CNNVD: CNNVD-201501-740 // NVD: CVE-2014-8835

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8835
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8835
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201501-330
value:	CRITICAL
Trust: 0.6
CNNVD:	CNNVD-201501-740
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76780
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8835
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76780
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76780 // JVNDB: JVNDB-2015-001312 // CNNVD: CNNVD-201501-330 // CNNVD: CNNVD-201501-740 // NVD: CVE-2014-8835

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-76780 // JVNDB: JVNDB-2015-001312 // NVD: CVE-2014-8835

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201501-330

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201501-330

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001312

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-76780

PATCH

title:	APPLE-SA-2015-01-27-4	url:	http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html	Trust: 0.8
title:	HT204244	url:	http://support.apple.com/en-us/HT204244	Trust: 0.8
title:	HT204244	url:	http://support.apple.com/ja-jp/HT204244	Trust: 0.8
title:	osxupd10.10.2	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53587	Trust: 0.6
title:	iPhone7,1_8.1.3_12B466_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53586	Trust: 0.6

sources: JVNDB: JVNDB-2015-001312 // CNNVD: CNNVD-201501-740

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8835	Trust: 3.7
db:	BID	id:	71992	Trust: 2.0
db:	EXPLOIT-DB	id:	35742	Trust: 1.7
db:	BID	id:	72328	Trust: 1.5
db:	SECTRACK	id:	1031650	Trust: 1.1
db:	PACKETSTORM	id:	135701	Trust: 1.1
db:	JVN	id:	JVNVU96447236	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001312	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-740	Trust: 0.7
db:	CNNVD	id:	CNNVD-201501-330	Trust: 0.7
db:	VULHUB	id:	VHN-76780	Trust: 0.1

sources: VULHUB: VHN-76780 // BID: 71992 // BID: 72328 // JVNDB: JVNDB-2015-001312 // CNNVD: CNNVD-201501-330 // CNNVD: CNNVD-201501-740 // NVD: CVE-2014-8835

REFERENCES

url:	https://code.google.com/p/google-security-research/issues/detail?id=121	Trust: 2.0
url:	http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/71992	Trust: 1.7
url:	http://support.apple.com/ht204244	Trust: 1.7
url:	http://www.exploit-db.com/exploits/35742/	Trust: 1.7
url:	https://www.securityfocus.com/bid/72328	Trust: 1.2
url:	http://packetstormsecurity.com/files/135701/os-x-sysmond-xpc-type-confusion-privilege-escalation.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1031650	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100530	Trust: 1.1
url:	http://www.apple.com/macosx/	Trust: 0.9
url:	https://support.apple.com/en-us/ht204659	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8835	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96447236/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8835	Trust: 0.8
url:	https://www.apple.com/osx/	Trust: 0.3

sources: VULHUB: VHN-76780 // BID: 71992 // BID: 72328 // JVNDB: JVNDB-2015-001312 // CNNVD: CNNVD-201501-330 // CNNVD: CNNVD-201501-740 // NVD: CVE-2014-8835

CREDITS

Vitaliy Toropov working with HP's Zero Day Initiative, Roberto Paleari and Aristide Fattori of Emaze Networks, Sten Petersen, Mike Myers,Ian Beer of Google Project Zero, Ale, @PanguTeam, Trammell Hudson of Two Sigma Investments, Alex, of Digital Operatives LLC

Trust: 0.6

sources: CNNVD: CNNVD-201501-330

SOURCES

db:	VULHUB	id:	VHN-76780
db:	BID	id:	71992
db:	BID	id:	72328
db:	JVNDB	id:	JVNDB-2015-001312
db:	CNNVD	id:	CNNVD-201501-330
db:	CNNVD	id:	CNNVD-201501-740
db:	NVD	id:	CVE-2014-8835

LAST UPDATE DATE

2025-04-13T22:39:38.534000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76780	date:	2017-09-08T00:00:00
db:	BID	id:	71992	date:	2015-04-13T20:01:00
db:	BID	id:	72328	date:	2019-04-12T18:00:00
db:	JVNDB	id:	JVNDB-2015-001312	date:	2015-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201501-330	date:	2019-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201501-740	date:	2021-09-07T00:00:00
db:	NVD	id:	CVE-2014-8835	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76780	date:	2015-01-30T00:00:00
db:	BID	id:	71992	date:	2015-01-08T00:00:00
db:	BID	id:	72328	date:	2015-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-001312	date:	2015-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201501-330	date:	2015-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201501-740	date:	2015-01-27T00:00:00
db:	NVD	id:	CVE-2014-8835	date:	2015-01-30T11:59:44.673